7JL Casino.REGISTER NOW GET FREE 888 PESOS REWARDS!

lucacubisino
(@lucacubisino)

4 years, 3 months ago

Hi All,

I am writing because all of a sudden I am not allowed to access my website anymore: stayhomecompetition.com. This is so weird because I have never had any kind of these problems. I also haven’t updated/installed plugins recently or made significant changes on the website. The only text I get is “403 Forbidden – nginx”. Also, the file wp-config.php is missing…

Please, help me.

Many thanks,
Luca

The page I need help with: [log in to see the link]
Viewing 6 replies - 1 through 6 (of 6 total)
(@aniash_29)
That’s unfortunate. Did you try checking the server logs (error log, probably under /var/log/nginx/error.log)? The key is to understand what went wrong where; error logs should be a great starting point to look.
Do let know what you notice.
This reply was modified 4 years, 3 months ago by Aniket Ashtikar.
Thread Starter
lucacubisino
(@lucacubisino)
4 years, 3 months ago
Thank you so much Aniket. I have located the error_log file but it is too large to copy and past its code in here. How should I send it?
Aniket Ashtikar
(@aniash_29)
4 years, 3 months ago
Did you notice any error, warning or anything in that file towards the end? You can try copy pasting the last few lines in that file using this command below (shell command follows):
tail -20 /var/log/nginx/error.log
Then you can select, copy and paste the log here and we can try to see what went wrong where.
Thread Starter
lucacubisino
(@lucacubisino)
4 years, 3 months ago
Many thanks, really much appreciated. I am really desperate to get the site back (these were crucial days for us…)
I have many of these on Aug 13:
[Thu Aug 13 15:52:28.316879 2020] [:error] [pid 4750:tid 139987948308224] [client 47.244.4.229:33270] [client 47.244.4.229] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "XzVFnFq-vj0JWL4QmdrOqAAAAMs"], referer: https://stayhomecompetition.com/xmlrpc.php

Then many others of these (still Aug 13):
[Thu Aug 13 16:03:25.548640 2020] [:error] [pid 15061:tid 139987912328960] [client 157.230.239.6:57146] [client 157.230.239.6] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "60"] [id "377360"] [rev "2"] [msg "Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure "] [severity "WARNING"] [tag "no_ar"] Warning. Pattern match "200" at RESPONSE_STATUS. [hostname "stayhomecompetition.com"] [uri "/wp-login.php"] [unique_id "XzVILVwPjFW2AC56jyS6GwAAAQ8"]
[Thu Aug 13 16:03:26.680516 2020] [:error] [pid 15225:tid 139987937507072] [client 157.230.239.6:57232] [client 157.230.239.6] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "85"] [id "377619"] [rev "2"] [msg "Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure "] [severity "CRITICAL"] Warning. Pattern match "system\\\\.multicall" at REQUEST_BODY. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "XzVILk8wUoPIawCsS2V1eQAAAUw"]

Then, from Aug 14 on (sorry if it is too much):
[Fri Aug 14 00:09:20.350881 2020] [:error] [pid 2832:tid 139987764836096] [client 45.55.61.114:56012] [client 45.55.61.114] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "60"] [id "377360"] [rev "2"] [msg "Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure "] [severity "WARNING"] [tag "no_ar"] Warning. Pattern match "200" at RESPONSE_STATUS. [hostname "stayhomecompetition.com"] [uri "/wp-login.php"] [unique_id "XzW6D8QeW92D9K@yV6OieAAAAKA"]
[Fri Aug 14 00:09:20.681897 2020] [:error] [pid 2832:tid 139987991439104] [client 45.55.61.114:56052] [client 45.55.61.114] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "85"] [id "377619"] [rev "2"] [msg "Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure "] [severity "CRITICAL"] Warning. Pattern match "system\\\\.multicall" at REQUEST_BODY. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "XzW6EMQeW92D9K@yV6OifQAAAIU"]
[Fri Aug 14 00:21:11.521709 2020] [:error] [pid 2832:tid 139987622160128] [client 162.214.28.25:44910] [client 162.214.28.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "60"] [id "377360"] [rev "2"] [msg "Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure "] [severity "WARNING"] [tag "no_ar"] Warning. Pattern match "200" at RESPONSE_STATUS. [hostname "stayhomecompetition.com"] [uri "/wp-login.php"] [unique_id "XzW818QeW92D9K@yV6OvqwAAALE"]
[Fri Aug 14 00:21:14.704667 2020] [:error] [pid 2832:tid 139987647338240] [client 162.214.28.25:44980] [client 162.214.28.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "85"] [id "377619"] [rev "2"] [msg "Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure "] [severity "CRITICAL"] Warning. Pattern match "system\\\\.multicall" at REQUEST_BODY. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "XzW82sQeW92D9K@yV6OvuAAAAK4"]
[Fri Aug 14 00:32:57.000032 2020] [:error] [pid 2832:tid 139987840370432] [client 161.35.210.241:42346] [client 161.35.210.241] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "60"] [id "377360"] [rev "2"] [msg "Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure "] [severity "WARNING"] [tag "no_ar"] Warning. Pattern match "200" at RESPONSE_STATUS. [hostname "stayhomecompetition.com"] [uri "/wp-login.php"] [unique_id "XzW-mMQeW92D9K@yV6PCBAAAAJc"]
[Fri Aug 14 00:32:57.046296 2020] [:error] [pid 2832:tid 139987932690176] [client 161.35.210.241:42360] [client 161.35.210.241] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "85"] [id "377619"] [rev "2"] [msg "Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure "] [severity "CRITICAL"] Warning. Pattern match "system\\\\.multicall" at REQUEST_BODY. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "XzW-mcQeW92D9K@yV6PCCAAAAIw"]
[Fri Aug 14 00:37:12.425007 2020] [:error] [pid 2723:tid 139988016617216] [client 64.202.184.249:55530] [client 64.202.184.249] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "60"] [id "377360"] [rev "2"] [msg "Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure "] [severity "WARNING"] [tag "no_ar"] Warning. Pattern match "200" at RESPONSE_STATUS. [hostname "stayhomecompetition.com"] [uri "/wp-login.php"] [unique_id "XzXAmNcts6KFtWXn5EKy9QAAAMI"]
[Fri Aug 14 00:37:12.912381 2020] [:error] [pid 2778:tid 139988016617216] [client 64.202.184.249:55544] [client 64.202.184.249] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "85"] [id "377619"] [rev "2"] [msg "Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure "] [severity "CRITICAL"] Warning. Pattern match "system\\\\.multicall" at REQUEST_BODY. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "XzXAmFiEVTln7lFtoMWZdQAAAQI"]
[Fri Aug 14 00:50:04.183928 2020] [:error] [pid 2832:tid 139987697694464] [client 118.69.173.199:50500] [client 118.69.173.199] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "60"] [id "377360"] [rev "2"] [msg "Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure "] [severity "WARNING"] [tag "no_ar"] Warning. Pattern match "200" at RESPONSE_STATUS. [hostname "stayhomecompetition.com"] [uri "/wp-login.php"] [unique_id "XzXDm8QeW92D9K@yV6PceQAAAKg"]
[Fri Aug 14 00:50:05.714776 2020] [:error] [pid 2723:tid 139987957868288] [client 118.69.173.199:50542] [client 118.69.173.199] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "85"] [id "377619"] [rev "2"] [msg "Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure "] [severity "CRITICAL"] Warning. Pattern match "system\\\\.multicall" at REQUEST_BODY. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "XzXDndcts6KFtWXn5EK48AAAAMk"]
[Fri Aug 14 01:00:23.767982 2020] [:error] [pid 2832:tid 139987907512064] [client 106.12.208.175:40458] [client 106.12.208.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "437"] [id "336656"] [rev "2"] [msg "Atomicorp.com WAF Rules: Fake MSIE 9./0 browser Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)."] [severity "CRITICAL"] Warning. Pattern match "^Mozilla/4\\\\.0 \\\\(compatible; MSIE 9.0; Windows NT 6.1\\\\)$" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/Config_Shell.php"] [unique_id "XzXGB8QeW92D9K@yV6PrqgAAAI8"], referer: https://stayhomecompetition.com/Config_Shell.php
[Fri Aug 14 01:00:23.768335 2020] [:error] [pid 2832:tid 139987907512064] [client 106.12.208.175:40458] [client 106.12.208.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/51_asl_rootkits.conf"] [line "42"] [id "390501"] [rev "4"] [msg "Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename"] [data "shell.php"] [severity "CRITICAL"] Warning. Pattern match "(?:POST|GET)" at REQUEST_METHOD. [hostname "stayhomecompetition.com"] [uri "/Config_Shell.php"] [unique_id "XzXGB8QeW92D9K@yV6PrqgAAAI8"], referer: https://stayhomecompetition.com/Config_Shell.php
[Fri Aug 14 01:00:25.536870 2020] [:error] [pid 2832:tid 139987941082880] [client 106.12.208.175:40508] [client 106.12.208.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "437"] [id "336656"] [rev "2"] [msg "Atomicorp.com WAF Rules: Fake MSIE 9./0 browser Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)."] [severity "CRITICAL"] Warning. Pattern match "^Mozilla/4\\\\.0 \\\\(compatible; MSIE 9.0; Windows NT 6.1\\\\)$" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/config/AspCms_Config.asp"] [unique_id "XzXGCcQeW92D9K@yV6PrtQAAAIs"], referer: https://stayhomecompetition.com/config/AspCms_Config.asp
[Fri Aug 14 01:00:26.267814 2020] [:error] [pid 2832:tid 139987957868288] [client 106.12.208.175:40532] [client 106.12.208.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "437"] [id "336656"] [rev "2"] [msg "Atomicorp.com WAF Rules: Fake MSIE 9./0 browser Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)."] [severity "CRITICAL"] Warning. Pattern match "^Mozilla/4\\\\.0 \\\\(compatible; MSIE 9.0; Windows NT 6.1\\\\)$" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/inc/AspCms_AdvJs.asp"] [unique_id "XzXGCsQeW92D9K@yV6PrugAAAIk"], referer: https://stayhomecompetition.com/inc/AspCms_AdvJs.asp
[Fri Aug 14 01:00:27.134396 2020] [:error] [pid 2778:tid 139987773228800] [client 106.12.208.175:40554] [client 106.12.208.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "437"] [id "336656"] [rev "2"] [msg "Atomicorp.com WAF Rules: Fake MSIE 9./0 browser Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)."] [severity "CRITICAL"] Warning. Pattern match "^Mozilla/4\\\\.0 \\\\(compatible; MSIE 9.0; Windows NT 6.1\\\\)$" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/config/AspCms_Config.asp"] [unique_id "XzXGC1iEVTln7lFtoMWqrQAAAR8"], referer: https://stayhomecompetition.com/config/AspCms_Config.asp
[Fri Aug 14 01:00:27.835235 2020] [:error] [pid 2723:tid 139987664123648] [client 106.12.208.175:40574] [client 106.12.208.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "437"] [id "336656"] [rev "2"] [msg "Atomicorp.com WAF Rules: Fake MSIE 9./0 browser Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)."] [severity "CRITICAL"] Warning. Pattern match "^Mozilla/4\\\\.0 \\\\(compatible; MSIE 9.0; Windows NT 6.1\\\\)$" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/Inc/md5.asp"] [unique_id "XzXGC9cts6KFtWXn5EK9TQAAAOw"], referer: https://stayhomecompetition.com/Inc/md5.asp
[Fri Aug 14 01:00:29.268263 2020] [:error] [pid 2832:tid 139987991439104] [client 106.12.208.175:40656] [client 106.12.208.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "437"] [id "336656"] [rev "2"] [msg "Atomicorp.com WAF Rules: Fake MSIE 9./0 browser Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)."] [severity "CRITICAL"] Warning. Pattern match "^Mozilla/4\\\\.0 \\\\(compatible; MSIE 9.0; Windows NT 6.1\\\\)$" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/inc/md5.asp"] [unique_id "XzXGDcQeW92D9K@yV6Pr0QAAAIU"], referer: https://stayhomecompetition.com/inc/md5.asp
[Fri Aug 14 01:01:15.399893 2020] [:error] [pid 2832:tid 139987764836096] [client 139.59.43.71:42378] [client 139.59.43.71] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "60"] [id "377360"] [rev "2"] [msg "Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure "] [severity "WARNING"] [tag "no_ar"] Warning. Pattern match "200" at RESPONSE_STATUS. [hostname "stayhomecompetition.com"] [uri "/wp-login.php"] [unique_id "XzXGO8QeW92D9K@yV6PtAAAAAKA"]
[Fri Aug 14 01:01:16.729506 2020] [:error] [pid 2723:tid 139987773228800] [client 139.59.43.71:42446] [client 139.59.43.71] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "85"] [id "377619"] [rev "2"] [msg "Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure "] [severity "CRITICAL"] Warning. Pattern match "system\\\\.multicall" at REQUEST_BODY. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "XzXGPNcts6KFtWXn5EK9vgAAAN8"]
[Fri Aug 14 01:13:53.481062 2020] [:error] [pid 2832:tid 139988016617216] [client 18.139.66.150:35344] [client 18.139.66.150] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "60"] [id "377360"] [rev "2"] [msg "Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure "] [severity "WARNING"] [tag "no_ar"] Warning. Pattern match "200" at RESPONSE_STATUS. [hostname "stayhomecompetition.com"] [uri "/wp-login.php"] [unique_id "XzXJMcQeW92D9K@yV6P@BAAAAII"]
[Fri Aug 14 01:13:56.512433 2020] [:error] [pid 2832:tid 139987890726656] [client 18.139.66.150:35418] [client 18.139.66.150] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "85"] [id "377619"] [rev "2"] [msg "Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure "] [severity "CRITICAL"] Warning. Pattern match "system\\\\.multicall" at REQUEST_BODY. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "XzXJNMQeW92D9K@yV6P@GAAAAJE"]
[Fri Aug 14 01:24:25.771358 2020] [:error] [pid 2778:tid 139987873941248] [client 64.227.7.123:49530] [client 64.227.7.123] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "60"] [id "377360"] [rev "2"] [msg "Atomicorp.com WAF Rules - Login Failure Detection: WordPress Login Attempt Failure "] [severity "WARNING"] [tag "no_ar"] Warning. Pattern match "200" at RESPONSE_STATUS. [hostname "stayhomecompetition.com"] [uri "/wp-login.php"] [unique_id "XzXLqViEVTln7lFtoMW6swAAARM"]
[Fri Aug 14 01:24:26.107248 2020] [:error] [pid 2832:tid 139987647338240] [client 64.227.7.123:49540] [client 64.227.7.123] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "85"] [id "377619"] [rev "2"] [msg "Atomicorp.com WAF Rules - Bruteforce Login Failure Detection: WordPress Multiple Simultaneous Login Attempt Failure "] [severity "CRITICAL"] Warning. Pattern match "system\\\\.multicall" at REQUEST_BODY. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "XzXLqsQeW92D9K@yV6MJPgAAAK4"]
[Fri Aug 14 03:37:56.080182 2020] [:error] [pid 2778:tid 139987941082880] [client 212.227.174.175:35968] [client 212.227.174.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "237"] [id "331039"] [rev "1"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. "] [severity "CRITICAL"] Warning. Match of "rx (^w3c-|systran\\\\))" against "REQUEST_HEADERS:User-Agent" required. [hostname "stayhomecompetition.com"] [uri "/profile/register/"] [unique_id "XzXq9FiEVTln7lFtoMUSxwAAAQs"]
[Fri Aug 14 03:37:56.680355 2020] [:error] [pid 2832:tid 139987672516352] [client 212.227.174.175:35980] [client 212.227.174.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "237"] [id "331039"] [rev "1"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. "] [severity "CRITICAL"] Warning. Match of "rx (^w3c-|systran\\\\))" against "REQUEST_HEADERS:User-Agent" required. [hostname "stayhomecompetition.com"] [uri "/profile/register/"] [unique_id "XzXq9MQeW92D9K@yV6OfrQAAAKs"]
[Fri Aug 14 03:37:57.611585 2020] [:error] [pid 2832:tid 139987890726656] [client 212.227.174.175:35986] [client 212.227.174.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "237"] [id "331039"] [rev "1"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. "] [severity "CRITICAL"] Warning. Match of "rx (^w3c-|systran\\\\))" against "REQUEST_HEADERS:User-Agent" required. [hostname "stayhomecompetition.com"] [uri "/wp/profile/register/"] [unique_id "XzXq9cQeW92D9K@yV6OfrwAAAJE"]
[Fri Aug 14 03:37:58.004106 2020] [:error] [pid 2832:tid 139987932690176] [client 212.227.174.175:35996] [client 212.227.174.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "237"] [id "331039"] [rev "1"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. "] [severity "CRITICAL"] Warning. Match of "rx (^w3c-|systran\\\\))" against "REQUEST_HEADERS:User-Agent" required. [hostname "stayhomecompetition.com"] [uri "/wp/profile/register/"] [unique_id "XzXq9cQeW92D9K@yV6OfsgAAAIw"]
[Fri Aug 14 03:37:58.407827 2020] [:error] [pid 2832:tid 139987806799616] [client 212.227.174.175:35998] [client 212.227.174.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "237"] [id "331039"] [rev "1"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. "] [severity "CRITICAL"] Warning. Match of "rx (^w3c-|systran\\\\))" against "REQUEST_HEADERS:User-Agent" required. [hostname "stayhomecompetition.com"] [uri "/wordpress/profile/register/"] [unique_id "XzXq9sQeW92D9K@yV6OfswAAAJs"]
[Fri Aug 14 03:37:58.781465 2020] [:error] [pid 2723:tid 139987647338240] [client 212.227.174.175:36002] [client 212.227.174.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "237"] [id "331039"] [rev "1"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. "] [severity "CRITICAL"] Warning. Match of "rx (^w3c-|systran\\\\))" against "REQUEST_HEADERS:User-Agent" required. [hostname "stayhomecompetition.com"] [uri "/wordpress/profile/register/"] [unique_id "XzXq9tcts6KFtWXn5EL@CQAAAO4"]
[Fri Aug 14 03:37:59.345744 2020] [:error] [pid 2832:tid 139987957868288] [client 212.227.174.175:36006] [client 212.227.174.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "237"] [id "331039"] [rev "1"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. "] [severity "CRITICAL"] Warning. Match of "rx (^w3c-|systran\\\\))" against "REQUEST_HEADERS:User-Agent" required. [hostname "stayhomecompetition.com"] [uri "/blog/profile/register/"] [unique_id "XzXq98QeW92D9K@yV6OftAAAAIk"]
[Fri Aug 14 03:37:59.668803 2020] [:error] [pid 2778:tid 139987638945536] [client 212.227.174.175:36014] [client 212.227.174.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "237"] [id "331039"] [rev "1"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. "] [severity "CRITICAL"] Warning. Match of "rx (^w3c-|systran\\\\))" against "REQUEST_HEADERS:User-Agent" required. [hostname "stayhomecompetition.com"] [uri "/blog/profile/register/"] [unique_id "XzXq91iEVTln7lFtoMUSzgAAAS8"]
[Fri Aug 14 03:38:00.634187 2020] [:error] [pid 2832:tid 139987714479872] [client 212.227.174.175:36036] [client 212.227.174.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "237"] [id "331039"] [rev "1"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. "] [severity "CRITICAL"] Warning. Match of "rx (^w3c-|systran\\\\))" against "REQUEST_HEADERS:User-Agent" required. [hostname "stayhomecompetition.com"] [uri "/new/profile/register/"] [unique_id "XzXq@MQeW92D9K@yV6OfvAAAAKY"]
[Fri Aug 14 03:38:01.407086 2020] [:error] [pid 2832:tid 139987941082880] [client 212.227.174.175:36048] [client 212.227.174.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "237"] [id "331039"] [rev "1"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. "] [severity "CRITICAL"] Warning. Match of "rx (^w3c-|systran\\\\))" against "REQUEST_HEADERS:User-Agent" required. [hostname "stayhomecompetition.com"] [uri "/new/profile/register/"] [unique_id "XzXq@cQeW92D9K@yV6OfwAAAAIs"]
[Fri Aug 14 03:38:02.135928 2020] [:error] [pid 2832:tid 139987924297472] [client 212.227.174.175:36074] [client 212.227.174.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "237"] [id "331039"] [rev "1"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. "] [severity "CRITICAL"] Warning. Match of "rx (^w3c-|systran\\\\))" against "REQUEST_HEADERS:User-Agent" required. [hostname "stayhomecompetition.com"] [uri "/old/profile/register/"] [unique_id "XzXq@sQeW92D9K@yV6OfxgAAAI0"]
[Fri Aug 14 03:38:03.152206 2020] [:error] [pid 2778:tid 139987622160128] [client 212.227.174.175:36106] [client 212.227.174.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "237"] [id "331039"] [rev "1"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. "] [severity "CRITICAL"] Warning. Match of "rx (^w3c-|systran\\\\))" against "REQUEST_HEADERS:User-Agent" required. [hostname "stayhomecompetition.com"] [uri "/old/profile/register/"] [unique_id "XzXq@1iEVTln7lFtoMUS1gAAATE"]
[Fri Aug 14 03:38:03.941885 2020] [:error] [pid 2778:tid 139987831977728] [client 212.227.174.175:36126] [client 212.227.174.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "237"] [id "331039"] [rev "1"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. "] [severity "CRITICAL"] Warning. Match of "rx (^w3c-|systran\\\\))" against "REQUEST_HEADERS:User-Agent" required. [hostname "stayhomecompetition.com"] [uri "/demo/profile/register/"] [unique_id "XzXq@1iEVTln7lFtoMUS1wAAARg"]
[Fri Aug 14 03:38:04.829538 2020] [:error] [pid 2832:tid 139987697694464] [client 212.227.174.175:36150] [client 212.227.174.175] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "237"] [id "331039"] [rev "1"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (Python-urllib).  Disable this rule if you use Python-urllib. "] [severity "CRITICAL"] Warning. Match of "rx (^w3c-|systran\\\\))" against "REQUEST_HEADERS:User-Agent" required. [hostname "stayhomecompetition.com"] [uri "/demo/profile/register/"] [unique_id "XzXq-MQeW92D9K@yV6OfzwAAAKg"]
[Fri Aug 14 06:55:53.026821 2020] [:error] [pid 29177:tid 139987906307840] [client 192.0.87.33:35698] [client 192.0.87.33] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "83"] [id "323338"] Warning. Pattern match "^/xmlrpc.php\\\\?for=jetpack" at REQUEST_URI. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "XzYZWXI0dvL6ylV2Jzlp6QAAAI8"], referer: https://stayhomecompetition.com/xmlrpc.php?for=jetpack&token=bTgUJ%26%40HUkLl%21zk2%29ukZB%23JUDdg%28tuu%25%3A1%3A0&timestamp=1597380952&nonce=TDMrimgzt5&body-hash=0PHU18WhLCQo4eIFeWoBtWYP%2FOE%3D&signature=KrgMRcfGskFGVk%2FjdoAfkdz6Nhw%3D
[Fri Aug 14 15:40:18.150292 2020] [:error] [pid 6348:tid 139987987789568] [client 192.0.99.245:48658] [client 192.0.99.245] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "83"] [id "323338"] Warning. Pattern match "^/xmlrpc.php\\\\?for=jetpack" at REQUEST_URI. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "XzaUQg1GiQ1Ld-MEsmrw4QAAAEQ"], referer: https://stayhomecompetition.com/xmlrpc.php?for=jetpack&token=crvFm8zkd%24qvtikTXzDCR1uO5vtXvGRs%3A1%3A1&timestamp=1597412417&nonce=feTg1eHaZ9&body-hash=Qa9IRbSAI3uhvYYr4KA%2F8tIT5Og%3D&signature=Uh4a02xe6UC%2BN%2FAsooDKG7MGRJ8%3D
[Fri Aug 14 15:40:18.203502 2020] [:error] [pid 6173:tid 139987954218752] [client 192.0.101.53:48662] [client 192.0.101.53] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "83"] [id "323338"] Warning. Pattern match "^/xmlrpc.php\\\\?for=jetpack" at REQUEST_URI. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "XzaUQmPXZgaHtDUjoOkVCAAAAIg"], referer: https://stayhomecompetition.com/xmlrpc.php?for=jetpack&token=crvFm8zkd%24qvtikTXzDCR1uO5vtXvGRs%3A1%3A1&timestamp=1597412417&nonce=591luTrfvu&body-hash=pdst%2B%2B8gjpsEsdzTGdS19%2BYN3g4%3D&signature=mk%2BnwbJG0KyK81%2FPg482mWpZMyo%3D
[Fri Aug 14 15:40:18.375841 2020] [:error] [pid 6348:tid 139987777971968] [client 192.0.99.101:48668] [client 192.0.99.101] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "83"] [id "323338"] Warning. Pattern match "^/xmlrpc.php\\\\?for=jetpack" at REQUEST_URI. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "XzaUQg1GiQ1Ld-MEsmrw5AAAAF0"], referer: https://stayhomecompetition.com/xmlrpc.php?for=jetpack&token=crvFm8zkd%24qvtikTXzDCR1uO5vtXvGRs%3A1%3A1&timestamp=1597412417&nonce=YUhwkhhziR&body-hash=L6iLUQY1d6Cc%2FQGayXNZhxd5JDM%3D&signature=x1DLRnYgj7yiwVMNqS8u%2B2Z%2BMW0%3D
[Fri Aug 14 15:45:44.588385 2020] [:error] [pid 6279:tid 139987736008448] [client 178.32.47.218:33702] [client 178.32.47.218] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/99_asl_jitp.conf"] [line "3561"] [id "381206"] [rev "3"] [msg "Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to WordPress configuration file blocked"] [data "wp-config.php"] [severity "CRITICAL"] Warning. Pattern match "wp-config\\\\.php" at ARGS:file_url. [hostname "stayhomecompetition.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "XzaViNZHuJ9pkcARCM9oCgAAASI"]
[Fri Aug 14 15:45:44.588440 2020] [:error] [pid 6279:tid 139987736008448] [client 178.32.47.218:33702] [client 178.32.47.218] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/99_asl_jitp.conf"] [line "3638"] [id "336461"] [rev "8"] [msg "Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file"] [data "../wp-config.php"] [severity "CRITICAL"] Warning. Pattern match "(?:POST|GET)" at REQUEST_METHOD. [hostname "stayhomecompetition.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "XzaViNZHuJ9pkcARCM9oCgAAASI"]
[Fri Aug 14 23:00:25.838076 2020] [:error] [pid 20593:tid 139987713165056] [client 39.101.150.29:38472] [client 39.101.150.29] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/99_asl_jitp.conf"] [line "4749"] [id "373357"] [rev "1"] [msg "Atomicorp.com WAF Rules - Virtual Just In Time Patch: DedeCMSv5 Probe"] [severity "CRITICAL"] Warning. Pattern match "/data/admin/allowurl\\\\.txt" at REQUEST_URI. [hostname "stayhomecompetition.com"] [uri "/data/admin/allowurl.txt"] [unique_id "Xzb7aexbEaaGBkbdLEaxFQAAAGM"]
[Sat Aug 15 01:20:06.145290 2020] [:error] [pid 20380:tid 139987671201536] [client 162.200.140.205:56782] [client 162.200.140.205] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/10_asl_rules.conf"] [line "211"] [id "390709"] [rev "30"] [msg "Atomicorp.com WAF Rules: Attempt to access protected file remotely"] [data "/etc/"] [severity "CRITICAL"] Warning. Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini|web.config)\\\\b|( |^|\\\\.\\\\.)/etc/|/\\\\.(?:history|bash_history|sh_history|env)$)" at REQUEST_FILENAME. [hostname "stayhomecompetition.com"] [uri "/etc/nginx/nginx.conf"] [unique_id "XzccJnVaetjHR8hyaNhygAAAACg"]
[Sat Aug 15 01:20:13.625260 2020] [:error] [pid 20433:tid 139987679594240] [client 162.200.140.205:57018] [client 162.200.140.205] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/10_asl_rules.conf"] [line "211"] [id "390709"] [rev "30"] [msg "Atomicorp.com WAF Rules: Attempt to access protected file remotely"] [data "/etc/"] [severity "CRITICAL"] Warning. Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini|web.config)\\\\b|( |^|\\\\.\\\\.)/etc/|/\\\\.(?:history|bash_history|sh_history|env)$)" at REQUEST_FILENAME. [hostname "stayhomecompetition.com"] [uri "/etc/nginx/nginx.conf"] [unique_id "XzccLaGIWvK3IBeCT-OzdQAAAOc"]
[Sat Aug 15 03:47:27.254657 2020] [:error] [pid 20486:tid 139987662808832] [client 192.0.102.27:48920] [client 192.0.102.27] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "83"] [id "323338"] Warning. Pattern match "^/xmlrpc.php\\\\?for=jetpack" at REQUEST_URI. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "Xzc@r71GC7I1HTg94cszkAAAAKk"], referer: https://stayhomecompetition.com/xmlrpc.php?for=jetpack&token=crvFm8zkd%24qvtikTXzDCR1uO5vtXvGRs%3A1%3A1&timestamp=1597456046&nonce=kJGxSm2Bft&body-hash=pdst%2B%2B8gjpsEsdzTGdS19%2BYN3g4%3D&signature=H4SXdph4hyOtJy6w2xZNu5Hu3eI%3D
[Sat Aug 15 03:47:27.488531 2020] [:error] [pid 20486:tid 139987981731584] [client 192.0.100.164:48922] [client 192.0.100.164] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "83"] [id "323338"] Warning. Pattern match "^/xmlrpc.php\\\\?for=jetpack" at REQUEST_URI. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "Xzc@r71GC7I1HTg94cszkQAAAIM"], referer: https://stayhomecompetition.com/xmlrpc.php?for=jetpack&token=crvFm8zkd%24qvtikTXzDCR1uO5vtXvGRs%3A1%3A1&timestamp=1597456046&nonce=EdOo54Ga1X&body-hash=L6iLUQY1d6Cc%2FQGayXNZhxd5JDM%3D&signature=jLqlEYnuR45oXcReqX3ybcTHauE%3D
[Sat Aug 15 03:47:27.544575 2020] [:error] [pid 20593:tid 139987729950464] [client 192.0.99.101:48924] [client 192.0.99.101] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/12_asl_brute.conf"] [line "83"] [id "323338"] Warning. Pattern match "^/xmlrpc.php\\\\?for=jetpack" at REQUEST_URI. [hostname "stayhomecompetition.com"] [uri "/xmlrpc.php"] [unique_id "Xzc@r@xbEaaGBkbdLEZBigAAAGE"], referer: https://stayhomecompetition.com/xmlrpc.php?for=jetpack&token=crvFm8zkd%24qvtikTXzDCR1uO5vtXvGRs%3A1%3A1&timestamp=1597456046&nonce=qHpeEl3uan&body-hash=Qa9IRbSAI3uhvYYr4KA%2F8tIT5Og%3D&signature=DtxCDWvBqydCAmOVJFEy2febM%2Fw%3D
[Sun Aug 16 00:21:53.502623 2020] [:error] [pid 31791:tid 139987654305536] [client 39.101.1.61:55302] [client 39.101.1.61] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/99_asl_jitp.conf"] [line "4749"] [id "373357"] [rev "1"] [msg "Atomicorp.com WAF Rules - Virtual Just In Time Patch: DedeCMSv5 Probe"] [severity "CRITICAL"] Warning. Pattern match "/data/admin/allowurl\\\\.txt" at REQUEST_URI. [hostname "stayhomecompetition.com"] [uri "/data/admin/allowurl.txt"] [unique_id "XzhgAcdss@nk-S8Fpd3@ywAAAWc"]
[Sun Aug 16 12:48:02.126310 2020] [:error] [pid 3084:tid 140320616318720] [client 95.179.241.61:47790] [client 95.179.241.61] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/"] [unique_id "XzkO4qoO4-wKqIT43e2@aQAAAOY"]
[Mon Aug 17 01:37:52.862620 2020] [:error] [pid 27329:tid 140320671692544] [client 82.165.119.25:42444] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUIgYdvYEdhSYfZorJQAAAN4"]
[Mon Aug 17 01:37:52.961008 2020] [:error] [pid 27223:tid 140320646514432] [client 82.165.119.25:42448] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUNDDPqxEHp6B7UcYQAAAASE"]
[Mon Aug 17 01:37:53.143856 2020] [:error] [pid 27329:tid 140320629729024] [client 82.165.119.25:42450] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUYgYdvYEdhSYfZorJwAAAOM"]
[Mon Aug 17 01:37:53.235272 2020] [:error] [pid 27223:tid 140320713656064] [client 82.165.119.25:42454] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/modules/autoupgrade/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUdDDPqxEHp6B7UcYQQAAARk"]
[Mon Aug 17 01:37:53.338813 2020] [:error] [pid 27276:tid 140320923473664] [client 82.165.119.25:42458] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUd507oOGoJhc9mxTVAAAAUA"]
[Mon Aug 17 01:37:53.445224 2020] [:error] [pid 27329:tid 140320923473664] [client 82.165.119.25:42472] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUYgYdvYEdhSYfZorLAAAAMA"]
[Mon Aug 17 01:37:53.546137 2020] [:error] [pid 27276:tid 140320822761216] [client 82.165.119.25:42476] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUd507oOGoJhc9mxTVQAAAUw"]
[Mon Aug 17 01:37:53.677876 2020] [:error] [pid 27276:tid 140320696870656] [client 82.165.119.25:42480] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/modules/ps_facetedsearch/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUd507oOGoJhc9mxTVwAAAVs"]
[Mon Aug 17 01:37:53.854875 2020] [:error] [pid 27170:tid 140320839546624] [client 82.165.119.25:42482] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/system/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUWRNBgxoH1CnsbixLQAAAIo"]
[Mon Aug 17 01:37:53.962298 2020] [:error] [pid 27276:tid 140320856332032] [client 82.165.119.25:42484] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/modules/gamification/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUd507oOGoJhc9mxTWAAAAUg"]
[Mon Aug 17 01:37:54.064587 2020] [:error] [pid 27276:tid 140320873117440] [client 82.165.119.25:42488] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/shop/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUt507oOGoJhc9mxTWQAAAUY"]
[Mon Aug 17 01:37:54.262444 2020] [:error] [pid 27170:tid 140320814368512] [client 82.165.119.25:42492] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUmRNBgxoH1CnsbixLgAAAI0"]
[Mon Aug 17 01:37:54.383852 2020] [:error] [pid 27223:tid 140320881510144] [client 82.165.119.25:42496] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/core/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUtDDPqxEHp6B7UcYRgAAAQU"]
[Mon Aug 17 01:37:54.481561 2020] [:error] [pid 27117:tid 140320596158208] [client 82.165.119.25:42504] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/mahara/auth/saml/extlib/simplesamlphp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUjIRJPF1bcMqnJmFTgAAACc"]
[Mon Aug 17 01:37:54.585830 2020] [:error] [pid 27117:tid 140320898295552] [client 82.165.119.25:42508] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/concrete/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUjIRJPF1bcMqnJmFTwAAAAM"]
[Mon Aug 17 01:37:54.678226 2020] [:error] [pid 27329:tid 140320512231168] [client 82.165.119.25:42512] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/local/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUogYdvYEdhSYfZorLwAAAPE"]
[Mon Aug 17 01:37:54.776257 2020] [:error] [pid 27276:tid 140320713656064] [client 82.165.119.25:42516] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUt507oOGoJhc9mxTWgAAAVk"]
[Mon Aug 17 01:37:54.864754 2020] [:error] [pid 27276:tid 140320889902848] [client 82.165.119.25:42518] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUt507oOGoJhc9mxTWwAAAUQ"]
[Mon Aug 17 01:37:54.963573 2020] [:error] [pid 27223:tid 140320537409280] [client 82.165.119.25:42520] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDUtDDPqxEHp6B7UcYSQAAAS4"]
[Mon Aug 17 01:37:55.076846 2020] [:error] [pid 27276:tid 140320671692544] [client 82.165.119.25:42522] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/mapa/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDU9507oOGoJhc9mxTXAAAAV4"]
[Mon Aug 17 01:37:55.177009 2020] [:error] [pid 27329:tid 140320646514432] [client 82.165.119.25:42530] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/platform/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDU4gYdvYEdhSYfZorMQAAAOE"]
[Mon Aug 17 01:37:55.309880 2020] [:error] [pid 27170:tid 140320831153920] [client 82.165.119.25:42538] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/2018/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDU2RNBgxoH1CnsbixMgAAAIs"]
[Mon Aug 17 01:37:55.520688 2020] [:error] [pid 27276:tid 140320545801984] [client 82.165.119.25:42552] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/all/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDU9507oOGoJhc9mxTYQAAAW0"]
[Mon Aug 17 01:37:55.637111 2020] [:error] [pid 27276:tid 140320789190400] [client 82.165.119.25:42564] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/new/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDU9507oOGoJhc9mxTYgAAAVA"]
[Mon Aug 17 01:37:55.726525 2020] [:error] [pid 27170:tid 140320915080960] [client 82.165.119.25:42570] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/pro/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDU2RNBgxoH1CnsbixOwAAAIE"]
[Mon Aug 17 01:37:55.839950 2020] [:error] [pid 27276:tid 140320738834176] [client 82.165.119.25:42580] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDU9507oOGoJhc9mxTYwAAAVY"]
[Mon Aug 17 01:37:55.978169 2020] [:error] [pid 27276:tid 140320722048768] [client 82.165.119.25:42588] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDU9507oOGoJhc9mxTZAAAAVg"]
[Mon Aug 17 01:37:56.072343 2020] [:error] [pid 27329:tid 140320747226880] [client 82.165.119.25:42590] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/old/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVIgYdvYEdhSYfZorNgAAANU"]
[Mon Aug 17 01:37:56.181861 2020] [:error] [pid 27329:tid 140320545801984] [client 82.165.119.25:42598] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/2020/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVIgYdvYEdhSYfZorOAAAAO0"]
[Mon Aug 17 01:37:56.283380 2020] [:error] [pid 27329:tid 140320730441472] [client 82.165.119.25:42602] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/2019/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVIgYdvYEdhSYfZorOQAAANc"]
[Mon Aug 17 01:37:56.375971 2020] [:error] [pid 27223:tid 140320814368512] [client 82.165.119.25:42608] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/beta/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVNDDPqxEHp6B7UcYTAAAAQ0"]
[Mon Aug 17 01:37:56.466116 2020] [:error] [pid 27170:tid 140320680085248] [client 82.165.119.25:42616] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/portal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVGRNBgxoH1CnsbixQQAAAJ0"]
[Mon Aug 17 01:37:56.625654 2020] [:error] [pid 27170:tid 140320621336320] [client 82.165.119.25:42624] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/pms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVGRNBgxoH1CnsbixQwAAAKQ"]
[Mon Aug 17 01:37:56.720645 2020] [:error] [pid 27117:tid 140320839546624] [client 82.165.119.25:42630] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/id/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVDIRJPF1bcMqnJmFUgAAAAo"]
[Mon Aug 17 01:37:56.826803 2020] [:error] [pid 27117:tid 140320873117440] [client 82.165.119.25:42634] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/test/med-decision/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVDIRJPF1bcMqnJmFVAAAAAY"]
[Mon Aug 17 01:37:56.928441 2020] [:error] [pid 27329:tid 140320814368512] [client 82.165.119.25:42640] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/site/PortalEscolar/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVIgYdvYEdhSYfZorPAAAAM0"]
[Mon Aug 17 01:37:57.039769 2020] [:error] [pid 27329:tid 140320831153920] [client 82.165.119.25:42650] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/dev/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVYgYdvYEdhSYfZorQQAAAMs"]
[Mon Aug 17 01:37:57.140136 2020] [:error] [pid 27117:tid 140320562587392] [client 82.165.119.25:42656] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/protected/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVTIRJPF1bcMqnJmFVgAAACs"]
[Mon Aug 17 01:37:57.238399 2020] [:error] [pid 27276:tid 140320906688256] [client 82.165.119.25:42664] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/en/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVd507oOGoJhc9mxTawAAAUI"]
[Mon Aug 17 01:37:57.343870 2020] [:error] [pid 27276:tid 140320915080960] [client 82.165.119.25:42670] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/administration/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVd507oOGoJhc9mxTbQAAAUE"]
[Mon Aug 17 01:37:57.439070 2020] [:error] [pid 27276:tid 140320881510144] [client 82.165.119.25:42676] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/login/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVd507oOGoJhc9mxTcAAAAUU"]
[Mon Aug 17 01:37:57.532820 2020] [:error] [pid 27223:tid 140320688477952] [client 82.165.119.25:42682] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/v1/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVdDDPqxEHp6B7UcYUQAAARw"]
[Mon Aug 17 01:37:57.667363 2020] [:error] [pid 27223:tid 140320520623872] [client 82.165.119.25:42690] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/web/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVdDDPqxEHp6B7UcYUgAAATA"]
[Mon Aug 17 01:37:57.797261 2020] [:error] [pid 27117:tid 140320864724736] [client 82.165.119.25:42694] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/site/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVTIRJPF1bcMqnJmFWwAAAAc"]
[Mon Aug 17 01:37:57.894870 2020] [:error] [pid 27117:tid 140320545801984] [client 82.165.119.25:42696] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/assets/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVTIRJPF1bcMqnJmFXAAAAC0"]
[Mon Aug 17 01:37:57.995511 2020] [:error] [pid 27117:tid 140320923473664] [client 82.165.119.25:42702] [client 82.165.119.25] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/20_asl_useragents.conf"] [line "218"] [id "332039"] [rev "4"] [msg "Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests).  Disable this rule if you use python-requests/. "] [severity "CRITICAL"] Warning. Pattern match "python-requests/" at REQUEST_HEADERS:User-Agent. [hostname "stayhomecompetition.com"] [uri "/wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "XznDVTIRJPF1bcMqnJmFXwAAAAA"]
[Mon Aug 17 13:09:06.885009 2020] [proxy_fcgi:error] [pid 24966:tid 140320630896384] [client 50.63.197.89:43570] AH01071: Got error 'Primary script unknown'
[Mon Aug 17 13:09:06.912239 2020] [proxy_fcgi:error] [pid 25019:tid 140320698038016] [client 50.63.197.89:43572] AH01071: Got error 'Primary script unknown'
This reply was modified 4 years, 3 months ago by Steven Stern (sterndata).
This reply was modified 4 years, 3 months ago by Steven Stern (sterndata).
Aniket Ashtikar
(@aniash_29)
4 years, 3 months ago
Hi @lucacubisino,
I don’t see a straightforward error indicating a fatal error but there are many security related issues/errors on your server (bruteforce, multiple login attempts, etc., check modsecurity related log messages). Also, your server configuration will need to looked into in detail.
Your server is not able to find wp-config.php and redirects to setup-config.php but is not able to handle php requests (fastcgi error).
I’d recommend you get the site thoroughly audited for security and also seek help of an expert to review and reinstate your website/webserver. They can also make sure your webserver is safe and the website can then be restored back.
Thread Starter
lucacubisino
(@lucacubisino)
4 years, 3 months ago
Thank you. So, if am understanding well, this could this be a hacker attack to the website, right? Also, I don’t know any expert. Any suggestion? Or anyone here who is reading this willing to help?
Viewing 6 replies - 1 through 6 (of 6 total)
The topic ‘403 Forbidden – nginx + wp-config.php missing’ is closed to new replies.
403 Forbidden – nginx + wp-config.php missing

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics
