⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.89
Server IP:
41.128.143.86
Server:
Linux host.raqmix.cloud 6.8.0-1025-azure #30~22.04.1-Ubuntu SMP Wed Mar 12 15:28:20 UTC 2025 x86_64
Server Software:
Apache
PHP Version:
8.3.23
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
proc
/
thread-self
/
root
/
proc
/
self
/
root
/
var
/
log
/
View File Name :
modsec_audit.log
--aa8dad38-A-- [27/Jul/2025:00:03:01.591530 +0300] aIVChaNZBKS0rtj_BfuetQAAAIA 64.227.44.46 50664 127.0.0.1 7080 --aa8dad38-B-- GET /.env HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 64.227.44.46 Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --aa8dad38-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --aa8dad38-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/.env"] [unique_id "aIVChaNZBKS0rtj_BfuetQAAAIA"] Stopwatch: 1753563781586108 5505 (- - -) Stopwatch2: 1753563781586108 5505; combined=3322, p1=575, p2=2578, p3=29, p4=47, p5=93, sr=163, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aa8dad38-Z-- --7e39e779-A-- [27/Jul/2025:00:03:01.882302 +0300] aIVChaNZBKS0rtj_BfueuQAAAJY 64.227.44.46 50670 127.0.0.1 7080 --7e39e779-B-- GET /.git/config HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 64.227.44.46 Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --7e39e779-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --7e39e779-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/.git/config"] [unique_id "aIVChaNZBKS0rtj_BfueuQAAAJY"] Stopwatch: 1753563781875596 6760 (- - -) Stopwatch2: 1753563781875596 6760; combined=4038, p1=1063, p2=2850, p3=24, p4=34, p5=67, sr=143, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7e39e779-Z-- --2a2e132c-A-- [27/Jul/2025:00:11:30.198930 +0300] aIVEgqNZBKS0rtj_Bfur_AAAAJE 5.253.247.27 36422 127.0.0.1 7081 --2a2e132c-B-- GET /ansible.cfg HTTP/1.0 Host: webmail.alc.edu.lb X-Real-IP: 5.253.247.27 Connection: close User-Agent: Mozilla/5.0 (Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Accept-Encoding: gzip --2a2e132c-F-- HTTP/1.1 404 Not Found Content-Length: 265 Connection: close Content-Type: text/html; charset=iso-8859-1 --2a2e132c-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".cfg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".cfg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "webmail.alc.edu.lb"] [uri "/ansible.cfg"] [unique_id "aIVEgqNZBKS0rtj_Bfur_AAAAJE"] Stopwatch: 1753564290193683 5346 (- - -) Stopwatch2: 1753564290193683 5346; combined=3179, p1=564, p2=2452, p3=27, p4=54, p5=82, sr=175, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2a2e132c-Z-- --ebf31a30-A-- [27/Jul/2025:00:37:01.298955 +0300] aIVKfDA2J8mc4XeXgIUJPgAAAFQ 78.40.176.204 46506 127.0.0.1 7081 --ebf31a30-B-- GET /administration/index.php?code=4/0AVMBsJjNUyPkcMxr3HJtEhQx1BiW1YyL56BtyDLRsWZrlaQoioT66YGL23_h_NHELqlx2w&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?1 sec-ch-ua-platform: "Android" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,tr;q=0.7 priority: u=0, i cookie: PHPSESSID=pusprpshk1nh0i7eae98r13c97 --ebf31a30-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --ebf31a30-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIVKfDA2J8mc4XeXgIUJPgAAAFQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753565820631879 667383 (- - -) Stopwatch2: 1753565820631879 667383; combined=5798, p1=1508, p2=3918, p3=145, p4=60, p5=166, sr=416, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ebf31a30-Z-- --1e1d1d32-A-- [27/Jul/2025:00:37:13.198889 +0300] aIVKhqNZBKS0rtj_BfvUnAAAAIg 205.196.221.54 58476 127.0.0.1 7081 --1e1d1d32-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: glamilea.com X-Real-IP: 205.196.221.54 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept-language: en-US,en;q=0.5 referer: http://glamilea.com/wp-login.php accept-encoding: gzip, deflate, br upgrade-insecure-requests: 1 sec-fetch-dest: document accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 sec-fetch-mode: navigate sec-fetch-site: same-origin sec-fetch-user: ?1 cookie: yay_currency_widget=29035; wordpress_test_cookie=WP%20Cookie%20check --1e1d1d32-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.33 X-Robots-Tag: noindex Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Upgrade: h2,h2c Connection: Upgrade, close Content-Type: application/json; charset=UTF-8 --1e1d1d32-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "glamilea.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIVKhqNZBKS0rtj_BfvUnAAAAIg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753565830890621 2308442 (- - -) Stopwatch2: 1753565830890621 2308442; combined=3512, p1=488, p2=2886, p3=0, p4=0, p5=137, sr=137, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1e1d1d32-Z-- --5d604539-A-- [27/Jul/2025:00:38:10.005057 +0300] aIVKwaNZBKS0rtj_BfvWmAAAAJc 78.40.176.204 38862 127.0.0.1 7081 --5d604539-B-- GET /administration/index.php?code=4/0AVMBsJifUHKuf_QtVqkQCfiVVSJtBhBhds8Zk0CMRqG8A8SIjl32onZAySDog8H75sfiQA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?1 sec-ch-ua-platform: "Android" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,tr;q=0.7 priority: u=0, i cookie: PHPSESSID=pusprpshk1nh0i7eae98r13c97 --5d604539-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --5d604539-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIVKwaNZBKS0rtj_BfvWmAAAAJc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753565889320114 685118 (- - -) Stopwatch2: 1753565889320114 685118; combined=4539, p1=588, p2=3592, p3=187, p4=60, p5=112, sr=157, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5d604539-Z-- --ae67c02a-A-- [27/Jul/2025:00:56:21.518057 +0300] aIVPBaNZBKS0rtj_Bfv15AAAAI0 193.32.162.96 35156 127.0.0.1 7081 --ae67c02a-B-- GET /app/config/security.yml HTTP/1.0 Host: webmail.alc.edu.lb X-Real-IP: 193.32.162.96 Connection: close User-Agent: Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Accept-Encoding: gzip --ae67c02a-F-- HTTP/1.1 404 Not Found Content-Length: 265 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae67c02a-H-- Message: Warning. Matched phrase "/config/security.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/config/security.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.alc.edu.lb"] [uri "/app/config/security.yml"] [unique_id "aIVPBaNZBKS0rtj_Bfv15AAAAI0"] Stopwatch: 1753566981513831 4300 (- - -) Stopwatch2: 1753566981513831 4300; combined=2612, p1=502, p2=1988, p3=23, p4=37, p5=62, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ae67c02a-Z-- --844a2032-A-- [27/Jul/2025:01:03:50.438866 +0300] aIVQxjA2J8mc4XeXgIUd2QAAAFE 157.230.250.239 56808 127.0.0.1 7081 --844a2032-B-- GET /.env HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 157.230.250.239 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15 accept: */* referer: http://www.jinansystem.com/.env --844a2032-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --844a2032-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jinansystem.com"] [uri "/.env"] [unique_id "aIVQxjA2J8mc4XeXgIUd2QAAAFE"] Stopwatch: 1753567430434160 4827 (- - -) Stopwatch2: 1753567430434160 4827; combined=3005, p1=691, p2=2118, p3=0, p4=0, p5=196, sr=283, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --844a2032-Z-- --5e0cfe22-A-- [27/Jul/2025:01:03:51.476638 +0300] aIVQxzA2J8mc4XeXgIUd3AAAAEI 157.230.250.239 56892 127.0.0.1 7081 --5e0cfe22-B-- GET /config/.env HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 157.230.250.239 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 accept: */* referer: http://www.jinansystem.com/config/.env --5e0cfe22-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --5e0cfe22-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jinansystem.com"] [uri "/config/.env"] [unique_id "aIVQxzA2J8mc4XeXgIUd3AAAAEI"] Stopwatch: 1753567431470408 6413 (- - -) Stopwatch2: 1753567431470408 6413; combined=4125, p1=624, p2=3407, p3=0, p4=0, p5=94, sr=178, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5e0cfe22-Z-- --93419056-A-- [27/Jul/2025:01:03:52.885221 +0300] aIVQyDA2J8mc4XeXgIUd4gAAAEg 157.230.250.239 57096 127.0.0.1 7081 --93419056-B-- GET /api/.env HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 157.230.250.239 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/120.0.0.0 accept: */* referer: http://www.jinansystem.com/api/.env --93419056-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --93419056-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jinansystem.com"] [uri "/api/.env"] [unique_id "aIVQyDA2J8mc4XeXgIUd4gAAAEg"] Stopwatch: 1753567432879352 5939 (- - -) Stopwatch2: 1753567432879352 5939; combined=3483, p1=690, p2=2716, p3=0, p4=0, p5=77, sr=169, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --93419056-Z-- --8ca63428-A-- [27/Jul/2025:01:03:55.151119 +0300] aIVQy6NZBKS0rtj_BfsEDwAAAII 157.230.250.239 56504 127.0.0.1 7081 --8ca63428-B-- GET /.env.backup HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 157.230.250.239 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36 accept: */* referer: http://www.jinansystem.com/.env.backup --8ca63428-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --8ca63428-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.jinansystem.com|F|2"] [data ".env.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jinansystem.com"] [uri "/.env.backup"] [unique_id "aIVQy6NZBKS0rtj_BfsEDwAAAII"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.jinansystem.com|F|2"] [data ".env.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.jinansystem.com"] [uri "/.env.backup"] [unique_id "aIVQy6NZBKS0rtj_BfsEDwAAAII"] Stopwatch: 1753567435146071 5126 (- - -) Stopwatch2: 1753567435146071 5126; combined=3052, p1=629, p2=2279, p3=0, p4=0, p5=144, sr=173, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8ca63428-Z-- --ca35ec08-A-- [27/Jul/2025:01:03:55.906327 +0300] aIVQyzA2J8mc4XeXgIUd9AAAAE4 157.230.250.239 56634 127.0.0.1 7081 --ca35ec08-B-- GET /.env.bak HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 157.230.250.239 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Linux; Android 14; SM-G991B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36 accept: */* referer: http://www.jinansystem.com/.env.bak --ca35ec08-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --ca35ec08-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.jinansystem.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jinansystem.com"] [uri "/.env.bak"] [unique_id "aIVQyzA2J8mc4XeXgIUd9AAAAE4"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.jinansystem.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.jinansystem.com"] [uri "/.env.bak"] [unique_id "aIVQyzA2J8mc4XeXgIUd9AAAAE4"] Stopwatch: 1753567435902356 4039 (- - -) Stopwatch2: 1753567435902356 4039; combined=2522, p1=525, p2=1876, p3=0, p4=0, p5=121, sr=183, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ca35ec08-Z-- --4a889544-A-- [27/Jul/2025:01:17:25.517360 +0300] aIVT9aNZBKS0rtj_BfsSngAAAII 192.42.116.192 35750 127.0.0.1 7081 --4a889544-B-- GET /app/config/security.yml HTTP/1.0 Host: www.alc.edu.lb X-Forwarded-Http-Host: www.alc.edu.lb:443 X-Real-IP: 192.42.116.192 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_0) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Safari/605.1.15 Accept: */* Accept-Language: en Accept-Encoding: gzip --4a889544-F-- HTTP/1.1 301 Moved Permanently Location: https://www.alcsys.odoo.com/app/config/security.yml Content-Length: 324 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a889544-H-- Message: Warning. Matched phrase "/config/security.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/config/security.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.alc.edu.lb"] [uri "/app/config/security.yml"] [unique_id "aIVT9aNZBKS0rtj_BfsSngAAAII"] Stopwatch: 1753568245516004 1472 (- - -) Stopwatch2: 1753568245516004 1472; combined=977, p1=717, p2=0, p3=39, p4=52, p5=168, sr=157, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4a889544-Z-- --e72fda3f-A-- [27/Jul/2025:01:28:01.833390 +0300] aIVWcaNZBKS0rtj_BfsZnwAAAJE 194.116.214.207 44266 127.0.0.1 7080 --e72fda3f-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 194.116.214.207 Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --e72fda3f-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --e72fda3f-E-- --e72fda3f-H-- Message: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||41.128.143.86|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||41.128.143.86|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "41.128.143.86"] [uri "/hello.world"] [unique_id "aIVWcaNZBKS0rtj_BfsZnwAAAJE"] Stopwatch: 1753568881821497 12019 (- - -) Stopwatch2: 1753568881821497 12019; combined=8611, p1=1983, p2=6037, p3=226, p4=62, p5=302, sr=1142, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e72fda3f-Z-- --95905b02-A-- [27/Jul/2025:01:49:18.098228 +0300] aIVbbqNZBKS0rtj_BfsvoAAAAIg 103.125.190.93 40368 127.0.0.1 7081 --95905b02-B-- GET /.env HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 103.125.190.93 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept-Encoding: gzip, deflate Accept: */* --95905b02-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --95905b02-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/.env"] [unique_id "aIVbbqNZBKS0rtj_BfsvoAAAAIg"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753570158096920 1407 (- - -) Stopwatch2: 1753570158096920 1407; combined=850, p1=694, p2=0, p3=34, p4=35, p5=87, sr=173, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --95905b02-Z-- --fb3de027-A-- [27/Jul/2025:02:07:15.660098 +0300] aIVfozA2J8mc4XeXgIU_RQAAAEQ 192.42.116.208 56854 127.0.0.1 7081 --fb3de027-B-- GET /elmah.axd HTTP/1.0 Host: webmail.alc.edu.lb X-Real-IP: 192.42.116.208 Connection: close User-Agent: Mozilla/5.0 (SS; Linux i686; rv:124.0) Gecko/20100101 Firefox/124.0 Accept: */* Accept-Language: en Accept-Encoding: gzip --fb3de027-F-- HTTP/1.1 404 Not Found Content-Length: 265 Connection: close Content-Type: text/html; charset=iso-8859-1 --fb3de027-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "webmail.alc.edu.lb"] [uri "/elmah.axd"] [unique_id "aIVfozA2J8mc4XeXgIU_RQAAAEQ"] Stopwatch: 1753571235656364 3825 (- - -) Stopwatch2: 1753571235656364 3825; combined=2492, p1=467, p2=1888, p3=26, p4=37, p5=74, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fb3de027-Z-- --76085a0e-A-- [27/Jul/2025:02:08:53.093342 +0300] aIVgBaNZBKS0rtj_BftR_wAAAJE 35.245.110.119 36560 127.0.0.1 7081 --76085a0e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 35.245.110.119 X-Accel-Internal: /internal-nginx-static-location Connection: close accept-language: en-US,en;q=0.5 referer: http://riyadhchocolate.com/wp-login.php accept-encoding: gzip, deflate, br sec-fetch-user: ?1 upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: same-origin user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 cookie: wordpress_test_cookie=WP%20Cookie%20check --76085a0e-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --76085a0e-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riyadhchocolate.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIVgBaNZBKS0rtj_BftR_wAAAJE"] Stopwatch: 1753571333086371 7157 (- - -) Stopwatch2: 1753571333086371 7157; combined=4346, p1=1049, p2=3160, p3=0, p4=0, p5=137, sr=222, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --76085a0e-Z-- --7f502333-A-- [27/Jul/2025:02:24:29.825945 +0300] aIVjraNZBKS0rtj_BftuSgAAAIA 37.46.113.165 58390 127.0.0.1 7080 --7f502333-B-- GET /.env HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 37.46.113.165 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --7f502333-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f502333-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/.env"] [unique_id "aIVjraNZBKS0rtj_BftuSgAAAIA"] Stopwatch: 1753572269821164 4945 (- - -) Stopwatch2: 1753572269821164 4945; combined=2990, p1=661, p2=2155, p3=25, p4=70, p5=79, sr=168, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7f502333-Z-- --f417b059-A-- [27/Jul/2025:02:29:38.961567 +0300] aIVk4qNZBKS0rtj_Bft3kAAAAJQ 192.42.116.192 59458 127.0.0.1 7081 --f417b059-B-- GET /.hg/hgrc HTTP/1.0 Host: webmail.alc.edu.lb X-Real-IP: 192.42.116.192 Connection: close User-Agent: Mozilla/5.0 (Fedora; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0 Accept: */* Accept-Language: en Accept-Encoding: gzip --f417b059-F-- HTTP/1.1 403 Forbidden Content-Length: 268 Connection: close Content-Type: text/html; charset=iso-8859-1 --f417b059-H-- Message: Warning. Matched phrase "/.hg/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.hg/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.alc.edu.lb"] [uri "/.hg/hgrc"] [unique_id "aIVk4qNZBKS0rtj_Bft3kAAAAJQ"] Stopwatch: 1753572578957418 4257 (- - -) Stopwatch2: 1753572578957418 4257; combined=2604, p1=591, p2=1865, p3=21, p4=33, p5=94, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f417b059-Z-- --9d7c5f0c-A-- [27/Jul/2025:02:42:39.474907 +0300] aIVn76NZBKS0rtj_BfuPFAAAAIc 45.143.200.32 34324 127.0.0.1 7081 --9d7c5f0c-B-- GET /.hg/hgrc HTTP/1.0 Host: www.alc.edu.lb X-Forwarded-Http-Host: www.alc.edu.lb:443 X-Real-IP: 45.143.200.32 Connection: close User-Agent: Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Accept-Encoding: gzip --9d7c5f0c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.alcsys.odoo.com/.hg/hgrc Content-Length: 309 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d7c5f0c-H-- Message: Warning. Matched phrase "/.hg/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.hg/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.alc.edu.lb"] [uri "/.hg/hgrc"] [unique_id "aIVn76NZBKS0rtj_BfuPFAAAAIc"] Stopwatch: 1753573359473421 1635 (- - -) Stopwatch2: 1753573359473421 1635; combined=819, p1=659, p2=0, p3=38, p4=37, p5=84, sr=218, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9d7c5f0c-Z-- --5ec33e24-A-- [27/Jul/2025:02:48:18.580456 +0300] aIVpQjA2J8mc4XeXgIVhnwAAAFQ 80.211.79.253 46734 127.0.0.1 7081 --5ec33e24-B-- GET /.env HTTP/1.0 Host: specto.agency X-Real-IP: 80.211.79.253 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --5ec33e24-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 18 Apr 2025 18:03:30 GMT ETag: "328-6331156003af8" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --5ec33e24-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "specto.agency"] [uri "/.env"] [unique_id "aIVpQjA2J8mc4XeXgIVhnwAAAFQ"] Stopwatch: 1753573698558115 22559 (- - -) Stopwatch2: 1753573698558115 22559; combined=18878, p1=14820, p2=3942, p3=0, p4=0, p5=115, sr=204, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5ec33e24-Z-- --47fbb578-A-- [27/Jul/2025:02:48:18.653455 +0300] aIVpQqNZBKS0rtj_BfuZQQAAAJI 80.211.79.253 46738 127.0.0.1 7081 --47fbb578-B-- GET /administrator/.env HTTP/1.0 Host: specto.agency X-Real-IP: 80.211.79.253 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --47fbb578-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 18 Apr 2025 18:03:30 GMT ETag: "328-6331156003af8" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --47fbb578-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "specto.agency"] [uri "/administrator/.env"] [unique_id "aIVpQqNZBKS0rtj_BfuZQQAAAJI"] Stopwatch: 1753573698649067 4570 (- - -) Stopwatch2: 1753573698649067 4570; combined=2487, p1=713, p2=1675, p3=0, p4=0, p5=99, sr=259, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --47fbb578-Z-- --d448b557-A-- [27/Jul/2025:02:48:19.228380 +0300] aIVpQ6NZBKS0rtj_BfuZSwAAAI4 80.211.79.253 46828 127.0.0.1 7081 --d448b557-B-- GET /.env.local HTTP/1.0 Host: specto.agency X-Real-IP: 80.211.79.253 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --d448b557-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 18 Apr 2025 18:03:30 GMT ETag: "328-6331156003af8" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --d448b557-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "specto.agency"] [uri "/.env.local"] [unique_id "aIVpQ6NZBKS0rtj_BfuZSwAAAI4"] Stopwatch: 1753573699223482 4965 (- - -) Stopwatch2: 1753573699223482 4965; combined=2833, p1=593, p2=2175, p3=0, p4=0, p5=65, sr=172, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d448b557-Z-- --9e753045-A-- [27/Jul/2025:02:48:19.819470 +0300] aIVpQ6NZBKS0rtj_BfuZUgAAAI0 80.211.79.253 46918 127.0.0.1 7081 --9e753045-B-- GET /.env.production HTTP/1.0 Host: specto.agency X-Real-IP: 80.211.79.253 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --9e753045-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 18 Apr 2025 18:03:30 GMT ETag: "328-6331156003af8" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --9e753045-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "specto.agency"] [uri "/.env.production"] [unique_id "aIVpQ6NZBKS0rtj_BfuZUgAAAI0"] Stopwatch: 1753573699796570 22970 (- - -) Stopwatch2: 1753573699796570 22970; combined=20483, p1=18038, p2=2360, p3=0, p4=0, p5=84, sr=193, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9e753045-Z-- --4c4a4b78-A-- [27/Jul/2025:02:48:20.977726 +0300] aIVpRKNZBKS0rtj_BfuZYQAAAJQ 80.211.79.253 47124 127.0.0.1 7081 --4c4a4b78-B-- GET /wp-content/.env HTTP/1.0 Host: specto.agency X-Real-IP: 80.211.79.253 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --4c4a4b78-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 18 Apr 2025 18:03:30 GMT ETag: "328-6331156003af8" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --4c4a4b78-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "specto.agency"] [uri "/wp-content/.env"] [unique_id "aIVpRKNZBKS0rtj_BfuZYQAAAJQ"] Stopwatch: 1753573700963245 14779 (- - -) Stopwatch2: 1753573700963245 14779; combined=10722, p1=2040, p2=7722, p3=0, p4=0, p5=959, sr=674, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4c4a4b78-Z-- --b4608a65-A-- [27/Jul/2025:02:51:08.839641 +0300] aIVp6aNZBKS0rtj_BfueVwAAAII 165.227.79.180 40656 127.0.0.1 7081 --b4608a65-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: glamilea.com X-Real-IP: 165.227.79.180 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-user: ?1 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 upgrade-insecure-requests: 1 sec-fetch-mode: navigate user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept-language: en-US,en;q=0.5 referer: http://glamilea.com/wp-login.php accept-encoding: gzip, deflate, br sec-fetch-dest: document sec-fetch-site: same-origin cookie: yay_currency_widget=29035; wordpress_test_cookie=WP%20Cookie%20check --b4608a65-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.33 X-Robots-Tag: noindex Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Upgrade: h2,h2c Connection: Upgrade, close Content-Type: application/json; charset=UTF-8 --b4608a65-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "glamilea.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIVp6aNZBKS0rtj_BfueVwAAAII"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753573865612317 3227671 (- - -) Stopwatch2: 1753573865612317 3227671; combined=3401, p1=504, p2=2745, p3=0, p4=0, p5=152, sr=168, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b4608a65-Z-- --41689c00-A-- [27/Jul/2025:02:52:24.071085 +0300] aIVqODA2J8mc4XeXgIVlCgAAAFE 142.93.129.190 50840 127.0.0.1 7081 --41689c00-B-- GET /.env HTTP/1.0 Host: riyadh-choc.raqmix.cloud X-Real-IP: 142.93.129.190 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --41689c00-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 15:42:45 GMT ETag: "328-62a6a8c186eb7" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --41689c00-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "riyadh-choc.raqmix.cloud"] [uri "/.env"] [unique_id "aIVqODA2J8mc4XeXgIVlCgAAAFE"] Stopwatch: 1753573944011794 59404 (- - -) Stopwatch2: 1753573944011794 59404; combined=57258, p1=55164, p2=2005, p3=0, p4=0, p5=88, sr=131, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --41689c00-Z-- --f61fbb51-A-- [27/Jul/2025:02:52:24.273092 +0300] aIVqODA2J8mc4XeXgIVlCwAAAEc 142.93.129.190 50874 127.0.0.1 7081 --f61fbb51-B-- GET /.git/config HTTP/1.0 Host: riyadh-choc.raqmix.cloud X-Real-IP: 142.93.129.190 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --f61fbb51-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 15:42:45 GMT ETag: "328-62a6a8c186eb7" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --f61fbb51-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "riyadh-choc.raqmix.cloud"] [uri "/.git/config"] [unique_id "aIVqODA2J8mc4XeXgIVlCwAAAEc"] Stopwatch: 1753573944268896 4279 (- - -) Stopwatch2: 1753573944268896 4279; combined=2366, p1=468, p2=1829, p3=0, p4=0, p5=69, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f61fbb51-Z-- --8ce4176a-A-- [27/Jul/2025:02:58:31.234317 +0300] aIVrpKNZBKS0rtj_BfusLgAAAJc 94.141.5.251 38110 127.0.0.1 7081 --8ce4176a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: glamilea.com X-Real-IP: 94.141.5.251 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-user: ?1 accept-language: en-US,en;q=0.5 upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-site: same-origin user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 referer: http://glamilea.com/wp-login.php accept-encoding: gzip, deflate, br sec-fetch-mode: navigate cookie: yay_currency_widget=29035; wordpress_test_cookie=WP%20Cookie%20check --8ce4176a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.33 X-Robots-Tag: noindex Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Upgrade: h2,h2c Connection: Upgrade, close Content-Type: application/json; charset=UTF-8 --8ce4176a-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "glamilea.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIVrpKNZBKS0rtj_BfusLgAAAJc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753574308937088 2297470 (- - -) Stopwatch2: 1753574308937088 2297470; combined=4939, p1=655, p2=4151, p3=0, p4=0, p5=132, sr=195, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8ce4176a-Z-- --8ca3ac39-A-- [27/Jul/2025:03:10:14.525541 +0300] aIVuZqNZBKS0rtj_BfvCTwAAAJA 192.42.116.178 37168 127.0.0.1 7081 --8ca3ac39-B-- GET /apiserver-etcd-client.key HTTP/1.0 Host: webmail.alc.edu.lb X-Real-IP: 192.42.116.178 Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0 Accept: */* Accept-Language: en Accept-Encoding: gzip --8ca3ac39-F-- HTTP/1.1 404 Not Found Content-Length: 265 Connection: close Content-Type: text/html; charset=iso-8859-1 --8ca3ac39-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "webmail.alc.edu.lb"] [uri "/apiserver-etcd-client.key"] [unique_id "aIVuZqNZBKS0rtj_BfvCTwAAAJA"] Stopwatch: 1753575014521177 4446 (- - -) Stopwatch2: 1753575014521177 4446; combined=2712, p1=667, p2=1924, p3=27, p4=28, p5=66, sr=276, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8ca3ac39-Z-- --58f0f702-A-- [27/Jul/2025:03:32:26.049822 +0300] aIVzmqNZBKS0rtj_BfvsNQAAAIo 13.203.209.99 54250 127.0.0.1 7081 --58f0f702-B-- GET /.env HTTP/1.0 Host: raqmix.online X-Real-IP: 13.203.209.99 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --58f0f702-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 02:47:02 GMT ETag: "328-63149f7f06f3a" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --58f0f702-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raqmix.online"] [uri "/.env"] [unique_id "aIVzmqNZBKS0rtj_BfvsNQAAAIo"] Stopwatch: 1753576346044951 4960 (- - -) Stopwatch2: 1753576346044951 4960; combined=3156, p1=558, p2=2528, p3=0, p4=0, p5=70, sr=172, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --58f0f702-Z-- --b5678249-A-- [27/Jul/2025:03:34:54.831959 +0300] aIV0LqNZBKS0rtj_Bfvv3AAAAIY 213.209.143.116 50848 127.0.0.1 7081 --b5678249-B-- GET /.env HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 213.209.143.116 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 accept-encoding: gzip --b5678249-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --b5678249-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "riyadhchocolate.com"] [uri "/.env"] [unique_id "aIV0LqNZBKS0rtj_Bfvv3AAAAIY"] Stopwatch: 1753576494826865 5206 (- - -) Stopwatch2: 1753576494826865 5206; combined=2994, p1=635, p2=2262, p3=0, p4=0, p5=96, sr=179, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b5678249-Z-- --e0e2211d-A-- [27/Jul/2025:03:36:44.904309 +0300] aIV0nKNZBKS0rtj_Bfvy3gAAAIA 40.113.89.154 38992 127.0.0.1 7081 --e0e2211d-B-- GET /wp-content/debug.log HTTP/1.0 Host: raqmix.cloud X-Real-IP: 40.113.89.154 X-Accel-Internal: /internal-nginx-static-location Connection: close --e0e2211d-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 15:42:45 GMT ETag: "328-62a6a8c186eb7" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --e0e2211d-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||raqmix.cloud|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||raqmix.cloud|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "raqmix.cloud"] [uri "/wp-content/debug.log"] [unique_id "aIV0nKNZBKS0rtj_Bfvy3gAAAIA"] Stopwatch: 1753576604900296 4241 (- - -) Stopwatch2: 1753576604900296 4241; combined=2199, p1=397, p2=1730, p3=0, p4=0, p5=72, sr=151, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e0e2211d-Z-- --4f30ce41-A-- [27/Jul/2025:03:36:50.093473 +0300] aIV0oqNZBKS0rtj_BfvzBgAAAIA 40.113.89.154 39504 127.0.0.1 7081 --4f30ce41-B-- GET /.git/HEAD HTTP/1.0 Host: raqmix.cloud X-Real-IP: 40.113.89.154 X-Accel-Internal: /internal-nginx-static-location Connection: close --4f30ce41-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 15:42:45 GMT ETag: "328-62a6a8c186eb7" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --4f30ce41-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raqmix.cloud"] [uri "/.git/HEAD"] [unique_id "aIV0oqNZBKS0rtj_BfvzBgAAAIA"] Stopwatch: 1753576610089170 4386 (- - -) Stopwatch2: 1753576610089170 4386; combined=2380, p1=627, p2=1686, p3=0, p4=0, p5=67, sr=204, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4f30ce41-Z-- --4438d944-A-- [27/Jul/2025:03:36:51.576037 +0300] aIV0o6NZBKS0rtj_BfvzEQAAAJE 192.42.116.179 39628 127.0.0.1 7081 --4438d944-B-- GET /OA_HTML/bin/sqlnet.log HTTP/1.0 Host: webmail.alc.edu.lb X-Real-IP: 192.42.116.179 Connection: close User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Accept: */* Accept-Language: en Accept-Encoding: gzip --4438d944-F-- HTTP/1.1 404 Not Found Content-Length: 265 Connection: close Content-Type: text/html; charset=iso-8859-1 --4438d944-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "webmail.alc.edu.lb"] [uri "/OA_HTML/bin/sqlnet.log"] [unique_id "aIV0o6NZBKS0rtj_BfvzEQAAAJE"] Stopwatch: 1753576611571730 4363 (- - -) Stopwatch2: 1753576611571730 4363; combined=2653, p1=472, p2=2054, p3=28, p4=33, p5=66, sr=148, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4438d944-Z-- --e8c4402b-A-- [27/Jul/2025:03:50:24.996862 +0300] aIV30DA2J8mc4XeXgIWT-QAAAEM 77.90.153.170 51180 127.0.0.1 7081 --e8c4402b-B-- GET /.env HTTP/1.0 Host: crm.raqmix.net X-Real-IP: 77.90.153.170 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Unknown; U; UNIX BSD/SYSV system; C -) AppleWebKit/527 (KHTML, like Gecko, Safari/419.3) Arora/0.10.2 Accept-Charset: utf-8 Accept-Encoding: gzip --e8c4402b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=3710eee54a234118090dde88edcf1d84; expires=Sun, 27 Jul 2025 01:51:24 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --e8c4402b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crm.raqmix.net"] [uri "/.env"] [unique_id "aIV30DA2J8mc4XeXgIWT-QAAAEM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/crm.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753577424699351 297600 (- - -) Stopwatch2: 1753577424699351 297600; combined=13080, p1=9178, p2=3802, p3=0, p4=0, p5=99, sr=148, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e8c4402b-Z-- --2452070d-A-- [27/Jul/2025:04:00:29.331466 +0300] aIV6LaNZBKS0rtj_BfsdIQAAAIM 3.145.88.196 55452 127.0.0.1 7081 --2452070d-B-- GET /.git/config HTTP/1.0 Host: crm.raqmix.net X-Real-IP: 3.145.88.196 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --2452070d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=44eaa6dc02f25b11599216873b9e57b3; expires=Sun, 27 Jul 2025 02:01:29 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --2452070d-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crm.raqmix.net"] [uri "/.git/config"] [unique_id "aIV6LaNZBKS0rtj_BfsdIQAAAIM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/crm.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753578029039259 292291 (- - -) Stopwatch2: 1753578029039259 292291; combined=9046, p1=471, p2=8475, p3=0, p4=0, p5=99, sr=127, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2452070d-Z-- --101bbe0d-A-- [27/Jul/2025:04:07:47.173835 +0300] aIV746NZBKS0rtj_BfspkAAAAJU 52.169.249.88 46076 127.0.0.1 7081 --101bbe0d-B-- GET /wp-content/debug.log HTTP/1.0 Host: jinansystem.com X-Real-IP: 52.169.249.88 X-Accel-Internal: /internal-nginx-static-location Connection: close --101bbe0d-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --101bbe0d-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||jinansystem.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||jinansystem.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jinansystem.com"] [uri "/wp-content/debug.log"] [unique_id "aIV746NZBKS0rtj_BfspkAAAAJU"] Stopwatch: 1753578467167018 6952 (- - -) Stopwatch2: 1753578467167018 6952; combined=3901, p1=1208, p2=2547, p3=0, p4=0, p5=145, sr=180, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --101bbe0d-Z-- --51a3771f-A-- [27/Jul/2025:04:07:52.380569 +0300] aIV76KNZBKS0rtj_Bfsp1wAAAIQ 52.169.249.88 46932 127.0.0.1 7081 --51a3771f-B-- GET /.git/HEAD HTTP/1.0 Host: jinansystem.com X-Real-IP: 52.169.249.88 X-Accel-Internal: /internal-nginx-static-location Connection: close --51a3771f-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --51a3771f-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jinansystem.com"] [uri "/.git/HEAD"] [unique_id "aIV76KNZBKS0rtj_Bfsp1wAAAIQ"] Stopwatch: 1753578472376052 4626 (- - -) Stopwatch2: 1753578472376052 4626; combined=2630, p1=657, p2=1889, p3=0, p4=0, p5=84, sr=166, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --51a3771f-Z-- --7097fb79-A-- [27/Jul/2025:04:20:29.940477 +0300] aIV-3aNZBKS0rtj_BftB9AAAAIg 113.37.75.100 55708 127.0.0.1 7081 --7097fb79-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 113.37.75.100 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 accept-language: en-US,en;q=0.5 sec-fetch-mode: navigate sec-fetch-site: same-origin sec-fetch-user: ?1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 referer: http://riyadhchocolate.com/wp-login.php accept-encoding: gzip, deflate, br upgrade-insecure-requests: 1 sec-fetch-dest: document cookie: wordpress_test_cookie=WP%20Cookie%20check --7097fb79-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --7097fb79-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riyadhchocolate.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIV-3aNZBKS0rtj_BftB9AAAAIg"] Stopwatch: 1753579229932987 7617 (- - -) Stopwatch2: 1753579229932987 7617; combined=5643, p1=945, p2=4612, p3=0, p4=0, p5=86, sr=209, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7097fb79-Z-- --9e48f212-A-- [27/Jul/2025:04:49:30.226386 +0300] aIWFqqNZBKS0rtj_Bft1LAAAAIE 213.209.143.116 37758 127.0.0.1 7081 --9e48f212-B-- GET /.env HTTP/1.0 Host: www.riyadhchocolate.com X-Real-IP: 213.209.143.116 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 accept-encoding: gzip --9e48f212-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --9e48f212-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.riyadhchocolate.com"] [uri "/.env"] [unique_id "aIWFqqNZBKS0rtj_Bft1LAAAAIE"] Stopwatch: 1753580970222094 4426 (- - -) Stopwatch2: 1753580970222094 4426; combined=2438, p1=575, p2=1777, p3=0, p4=0, p5=86, sr=157, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9e48f212-Z-- --d70bb55c-A-- [27/Jul/2025:04:55:08.360309 +0300] aIWG-KNZBKS0rtj_BfuAYAAAAJU 18.232.70.132 43452 127.0.0.1 7081 --d70bb55c-B-- GET /.env.production HTTP/1.0 Host: glamilea.com X-Real-IP: 18.232.70.132 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; AuthorizedSecurityScanner/1.0) accept-encoding: gzip --d70bb55c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 X-LiteSpeed-Tag: cb5_HTTP.404 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" Set-Cookie: yay_currency_widget=29035; expires=Tue, 26-Aug-2025 01:55:06 GMT; Max-Age=2592000; path=/ Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --d70bb55c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glamilea.com"] [uri "/.env.production"] [unique_id "aIWG-KNZBKS0rtj_BfuAYAAAAJU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753581304251882 4113884 (- - -) Stopwatch2: 1753581304251882 4113884; combined=3449, p1=1204, p2=2081, p3=0, p4=0, p5=163, sr=174, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d70bb55c-Z-- --dc151438-A-- [27/Jul/2025:04:55:08.558358 +0300] aIWG-KNZBKS0rtj_BfuAYQAAAI0 18.232.70.132 43456 127.0.0.1 7081 --dc151438-B-- GET /.env.local HTTP/1.0 Host: glamilea.com X-Real-IP: 18.232.70.132 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; AuthorizedSecurityScanner/1.0) accept-encoding: gzip --dc151438-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 X-LiteSpeed-Tag: cb5_HTTP.404 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" Set-Cookie: yay_currency_widget=29035; expires=Tue, 26-Aug-2025 01:55:06 GMT; Max-Age=2592000; path=/ Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --dc151438-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glamilea.com"] [uri "/.env.local"] [unique_id "aIWG-KNZBKS0rtj_BfuAYQAAAI0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753581304258455 4300031 (- - -) Stopwatch2: 1753581304258455 4300031; combined=2830, p1=490, p2=2204, p3=0, p4=0, p5=135, sr=182, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dc151438-Z-- --b6adba4b-A-- [27/Jul/2025:04:55:08.719899 +0300] aIWG-KNZBKS0rtj_BfuAXgAAAI4 18.232.70.132 43438 127.0.0.1 7081 --b6adba4b-B-- GET /.env.prod HTTP/1.0 Host: glamilea.com X-Real-IP: 18.232.70.132 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; AuthorizedSecurityScanner/1.0) accept-encoding: gzip --b6adba4b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 X-LiteSpeed-Tag: cb5_HTTP.404 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" Set-Cookie: yay_currency_widget=29035; expires=Tue, 26-Aug-2025 01:55:07 GMT; Max-Age=2592000; path=/ Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --b6adba4b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glamilea.com"] [uri "/.env.prod"] [unique_id "aIWG-KNZBKS0rtj_BfuAXgAAAI4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753581304248092 4471985 (- - -) Stopwatch2: 1753581304248092 4471985; combined=6665, p1=662, p2=5869, p3=0, p4=0, p5=133, sr=147, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b6adba4b-Z-- --50900f06-A-- [27/Jul/2025:04:55:08.741841 +0300] aIWG-KNZBKS0rtj_BfuAXwAAAIg 18.232.70.132 43430 127.0.0.1 7081 --50900f06-B-- GET /web.config HTTP/1.0 Host: glamilea.com X-Real-IP: 18.232.70.132 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; AuthorizedSecurityScanner/1.0) accept-encoding: gzip --50900f06-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 X-LiteSpeed-Tag: cb5_HTTP.404 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" Set-Cookie: yay_currency_widget=29035; expires=Tue, 26-Aug-2025 01:55:07 GMT; Max-Age=2592000; path=/ Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --50900f06-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||glamilea.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glamilea.com"] [uri "/web.config"] [unique_id "aIWG-KNZBKS0rtj_BfuAXwAAAIg"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||glamilea.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "glamilea.com"] [uri "/web.config"] [unique_id "aIWG-KNZBKS0rtj_BfuAXwAAAIg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753581304249443 4492495 (- - -) Stopwatch2: 1753581304249443 4492495; combined=5372, p1=653, p2=4541, p3=0, p4=0, p5=177, sr=219, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --50900f06-Z-- --78995b30-A-- [27/Jul/2025:04:55:08.763249 +0300] aIWG-KNZBKS0rtj_BfuAZQAAAJQ 18.232.70.132 43506 127.0.0.1 7081 --78995b30-B-- GET /.env HTTP/1.0 Host: glamilea.com X-Real-IP: 18.232.70.132 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; AuthorizedSecurityScanner/1.0) accept-encoding: gzip --78995b30-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 X-LiteSpeed-Tag: cb5_HTTP.404 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" Set-Cookie: yay_currency_widget=29035; expires=Tue, 26-Aug-2025 01:55:07 GMT; Max-Age=2592000; path=/ Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --78995b30-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glamilea.com"] [uri "/.env"] [unique_id "aIWG-KNZBKS0rtj_BfuAZQAAAJQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753581304375285 4388057 (- - -) Stopwatch2: 1753581304375285 4388057; combined=4530, p1=1976, p2=2403, p3=0, p4=0, p5=150, sr=188, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --78995b30-Z-- --ea25d72b-A-- [27/Jul/2025:04:55:09.040332 +0300] aIWG-KNZBKS0rtj_BfuAZgAAAJc 18.232.70.132 43498 127.0.0.1 7081 --ea25d72b-B-- GET /.env.sample HTTP/1.0 Host: glamilea.com X-Real-IP: 18.232.70.132 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; AuthorizedSecurityScanner/1.0) accept-encoding: gzip --ea25d72b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 X-LiteSpeed-Tag: cb5_HTTP.404 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" Set-Cookie: yay_currency_widget=29035; expires=Tue, 26-Aug-2025 01:55:07 GMT; Max-Age=2592000; path=/ Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --ea25d72b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glamilea.com"] [uri "/.env.sample"] [unique_id "aIWG-KNZBKS0rtj_BfuAZgAAAJc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753581304380204 4660228 (- - -) Stopwatch2: 1753581304380204 4660228; combined=3707, p1=616, p2=2972, p3=0, p4=0, p5=118, sr=169, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ea25d72b-Z-- --21c5e745-A-- [27/Jul/2025:04:55:09.582156 +0300] aIWG-KNZBKS0rtj_BfuAZwAAAIM 18.232.70.132 43496 127.0.0.1 7081 --21c5e745-B-- GET /.env.development HTTP/1.0 Host: glamilea.com X-Real-IP: 18.232.70.132 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; AuthorizedSecurityScanner/1.0) accept-encoding: gzip --21c5e745-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 X-LiteSpeed-Tag: cb5_HTTP.404 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" Set-Cookie: yay_currency_widget=29035; expires=Tue, 26-Aug-2025 01:55:08 GMT; Max-Age=2592000; path=/ Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --21c5e745-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glamilea.com"] [uri "/.env.development"] [unique_id "aIWG-KNZBKS0rtj_BfuAZwAAAIM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753581304383825 5198411 (- - -) Stopwatch2: 1753581304383825 5198411; combined=6698, p1=623, p2=5904, p3=0, p4=0, p5=170, sr=161, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --21c5e745-Z-- --211cd832-A-- [27/Jul/2025:04:56:39.581066 +0300] aIWHVzA2J8mc4XeXgIXLNgAAAFA 209.97.180.8 47708 127.0.0.1 7081 --211cd832-B-- GET /.env HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 209.97.180.8 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --211cd832-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --211cd832-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "riyadhchocolate.com"] [uri "/.env"] [unique_id "aIWHVzA2J8mc4XeXgIXLNgAAAFA"] Stopwatch: 1753581399572365 8815 (- - -) Stopwatch2: 1753581399572365 8815; combined=5637, p1=542, p2=4033, p3=0, p4=0, p5=1062, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --211cd832-Z-- --e342e10e-A-- [27/Jul/2025:04:56:39.783673 +0300] aIWHV6NZBKS0rtj_BfuDZwAAAJY 209.97.180.8 47742 127.0.0.1 7081 --e342e10e-B-- GET /.git/config HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 209.97.180.8 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --e342e10e-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --e342e10e-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "riyadhchocolate.com"] [uri "/.git/config"] [unique_id "aIWHV6NZBKS0rtj_BfuDZwAAAJY"] Stopwatch: 1753581399779037 4783 (- - -) Stopwatch2: 1753581399779037 4783; combined=2669, p1=654, p2=1901, p3=0, p4=0, p5=114, sr=174, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e342e10e-Z-- --0a377977-A-- [27/Jul/2025:04:58:07.575005 +0300] aIWHr6NZBKS0rtj_BfuFowAAAJI 54.145.154.193 53730 127.0.0.1 7081 --0a377977-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 54.145.154.193 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --0a377977-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --0a377977-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riyadhchocolate.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aIWHr6NZBKS0rtj_BfuFowAAAJI"] Stopwatch: 1753581487570142 4984 (- - -) Stopwatch2: 1753581487570142 4984; combined=2948, p1=612, p2=2246, p3=0, p4=0, p5=90, sr=180, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0a377977-Z-- --b5126b4d-A-- [27/Jul/2025:05:10:53.943955 +0300] aIWKpzA2J8mc4XeXgIXWTgAAAEI 185.177.72.10 50078 127.0.0.1 7081 --b5126b4d-B-- GET /.env HTTP/1.0 Host: lms.americancenter.me X-Real-IP: 185.177.72.10 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b5126b4d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.29 Cache-Control: no-cache, private pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6Im84MmovS3dnRkRHbFVVdlNWSFc0akE9PSIsInZhbHVlIjoiWER2YmQyOHFWYlBnelhlUDU1MDNMdmZUSkJhRndhYzcxMW5DLythQ3d5K0s1QlVLV3ZXZm1KcWFZRm84eVVLSFFoWVZsZERvMFJmd3FjRHVsbUVtRURGbE9pZlZLQjlvNVpqVXZGMmU0TnByRmxoOEVlNnkyeEp4VTFwMUNndFUiLCJtYWMiOiIwMmJkM2IyYjdmNDJkOWE5ZDZiMDIzMjYyMWZiMzgxZjkxZmFjNTE4YTljYWMzNWJiZjVjNzM2ODRjYTAyMzc0IiwidGFnIjoiIn0%3D; expires=Sun, 27 Jul 2025 04:10:53 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: laravel_session=eyJpdiI6IkVTUUMyaktDdWNDYW9sUFgvQ01vbFE9PSIsInZhbHVlIjoib1BhdjlTWXFQUld4M21KS1ptTWR3bk05ODVteFBjdVUzb2cyeXZVamcybWJwVFMwSTVtWGtlaE5YU0Q0bDNNNExMY3IreVhNTVppN2JvQ0FUNmJJQjByQUhlS0pVTTdUVWNHazhna093VmpXOUFDbVlrSHhNSDl3WGdQa2hGQjEiLCJtYWMiOiI1YjgzMDFmMzhiNjkxMDEzYmUxMDlmNzllM2Y2NWYwYTE2YTFlODdiYjE5YjZjNzQxNTZkNmEyN2FjOGZkYzI1IiwidGFnIjoiIn0%3D; expires=Sun, 27 Jul 2025 04:10:53 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --b5126b4d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lms.americancenter.me"] [uri "/.env"] [unique_id "aIWKpzA2J8mc4XeXgIXWTgAAAEI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/lms.americancenter.me/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753582247460898 6483198 (- - -) Stopwatch2: 1753582247460898 6483198; combined=25429, p1=22195, p2=2961, p3=0, p4=0, p5=272, sr=177, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b5126b4d-Z-- --fc3ff631-A-- [27/Jul/2025:05:10:54.665825 +0300] aIWKrjA2J8mc4XeXgIXWaQAAAEQ 185.177.72.10 36374 127.0.0.1 7081 --fc3ff631-B-- GET /.env.local HTTP/1.0 Host: lms.americancenter.me X-Real-IP: 185.177.72.10 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --fc3ff631-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.29 Cache-Control: no-cache, private pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6IndOT01Xa1RDQzdhSjJRUWZ1TVU2S3c9PSIsInZhbHVlIjoiMlBiUEZDZU5EcHRObWMweXZPY1lKOGVHbEZ6Q29JaGxRUzJhU1FlSHdnYUU0ZlJ0djVXZU9FUGlJQkFDSlQvRXlsSWJGby9qUGxSR3ZOMW0wZ3NQdjJuckhqeTFNMnQrYklHbU43cVluNXMvdnlrWGlZSGhZZVV0a1RyYVp4eFQiLCJtYWMiOiIxNjM5ZmM5NGRhNTVjMTIwOGEzMjY0OWM1NTViZTk2MjFlM2VkZjE4MTQ4MDE5OTE0MTc4YmRjMWZlZDc3YTM0IiwidGFnIjoiIn0%3D; expires=Sun, 27 Jul 2025 04:10:54 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: laravel_session=eyJpdiI6InlVMkZWckh1UHRveG8wYTFiaGVjRUE9PSIsInZhbHVlIjoiVnYrM2tVSkJkd3I2aFhvdkRMUDNBRUJiV00xL0U3KzF3WjEzRFVRd2dNR2dGUHZxZ2d6VVRPcU0ycE84ZTRmM1k0UCtkY0VrUXF2MWxIOUljcXV5QWhxd2hWVUFVZTJZNHMzcTFyWWJwdzRuRmNlRitYM0Q0T3ByUldqOHE0QWsiLCJtYWMiOiI5YzBiNzVkM2FjZGNhNDg2NjA1YjYwZTA4ZmZhZjMyNmZmZjcxOWEwMDY0N2E4YjcwZDM1ZmZmOTE3MmU1Njc3IiwidGFnIjoiIn0%3D; expires=Sun, 27 Jul 2025 04:10:54 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --fc3ff631-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lms.americancenter.me"] [uri "/.env.local"] [unique_id "aIWKrjA2J8mc4XeXgIXWaQAAAEQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/lms.americancenter.me/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753582254116129 549797 (- - -) Stopwatch2: 1753582254116129 549797; combined=3593, p1=704, p2=2676, p3=0, p4=0, p5=213, sr=274, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fc3ff631-Z-- --c38e1a41-A-- [27/Jul/2025:05:10:55.441285 +0300] aIWKrqNZBKS0rtj_BfubTwAAAIw 185.177.72.10 36494 127.0.0.1 7081 --c38e1a41-B-- GET /.env.dev HTTP/1.0 Host: lms.americancenter.me X-Real-IP: 185.177.72.10 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c38e1a41-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.29 Cache-Control: no-cache, private pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6IjRNZHI2SDlwcW9WNDhIMjZlenMvWmc9PSIsInZhbHVlIjoiaXh0L2VsQzRONmp0WC9FTFVCbk45djVWR3VlZzFjVzlyM0U0bEVXMVBLR2N4SFNVN21rRzd5TXlkNXdweVRyUWpqOWxMLzlQc0NoWnB6RTdFRHZqMHRqYjEvYllDNlpucHFLUFFRQW1xOTZoQ3Zud1dkQXAwNHAvc3RxeVZ4dlIiLCJtYWMiOiJhNGM0MzU2Y2EwM2MzMWJiYTZmOGFiYWM3NDViMTQxNWExOGNmNjNjYTZlMDk4MDk2M2UzNjgxOTc2Y2RjMDQ1IiwidGFnIjoiIn0%3D; expires=Sun, 27 Jul 2025 04:10:55 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: laravel_session=eyJpdiI6Im9LNVBOL1QrdGFLV29CcTQrVzh6TGc9PSIsInZhbHVlIjoiVEN2K0dUUTUwT1k5dWU1bHRTVS9nMWJESHJFWXVoQkZZa29hem5zeTNNaGVqUm05VUwzR2J2RnRDSVI2VnNGWDVsM3Fad3o5dnVlTXpRRXEveFdIWjZ4Mi9RUERXR1JjM1JzRnB6RVlPNDYrc2tkUkNObE84U1NiRGFnQWpnZEgiLCJtYWMiOiJiMzk2ZTU1NDA1MWMyZGE2MzMwOWQwNzFjYjdjNWU1YzI5MzdiMDM1NmY2MmVlMzY4ZDkwZGY2ZjE4ZTU2NTljIiwidGFnIjoiIn0%3D; expires=Sun, 27 Jul 2025 04:10:55 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --c38e1a41-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lms.americancenter.me"] [uri "/.env.dev"] [unique_id "aIWKrqNZBKS0rtj_BfubTwAAAIw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/lms.americancenter.me/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753582254839128 602273 (- - -) Stopwatch2: 1753582254839128 602273; combined=6799, p1=600, p2=6074, p3=0, p4=0, p5=125, sr=150, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c38e1a41-Z-- --9bd7a07b-A-- [27/Jul/2025:05:10:56.163104 +0300] aIWKr6NZBKS0rtj_BfubVgAAAIA 185.177.72.10 36618 127.0.0.1 7081 --9bd7a07b-B-- GET /.env.development HTTP/1.0 Host: lms.americancenter.me X-Real-IP: 185.177.72.10 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --9bd7a07b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.29 Cache-Control: no-cache, private pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6Ill4Vm13ZzNZNGxYR3pNaXFmeUk5VlE9PSIsInZhbHVlIjoiRHpNVXFwNEdnOUMwZzg0d21COVpwUEhvS2gvQXc3SVNwRmg2aUpmVUtoekhXOHJGd3YyMG8wMzBKQTZIWFFQM21EaldIQlBNaCtCcXJwM0JiaFBpbVpobHZEOTRFd3lKbUwyK3htNFhKV2dOaFViL3BKYkZLQldKMld3TW9zWEMiLCJtYWMiOiJlYmIwYTEyODdkMDMxMWFlODIwNzcyYzA2NmM1YmQyMDMxNWM0MzkyMmU2MjU4ZGE2YWRjNWRkNjkxOTZhNzdjIiwidGFnIjoiIn0%3D; expires=Sun, 27 Jul 2025 04:10:56 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: laravel_session=eyJpdiI6Ik9uMlU0MUV2VzNubFZkdlJnWHoyMEE9PSIsInZhbHVlIjoiSXZoaGVXWUcrdFNnOGl6TTZIVEdSTzdVZ2V3T0dqWGpKZHd2bU10d0oyNjVFdG9FSU9WSHRacFlVYmNaMmZ1ZkRDdFhhdWMxaFdlVEdXeWU1NUZsQVF4VU90d2xFSHM0YStwS0tIQ1V1aEg3RzhoREJHUnYwU3loZGY1OTBLangiLCJtYWMiOiIzNDI5ZTRiZDU4NDI5NTY5ZDI0Y2IzMWE3YjRlNWNkMWVhZGFlMTVmYjkwMzA0MDFlZTRmOGUyNjQxZDFiMzFmIiwidGFnIjoiIn0%3D; expires=Sun, 27 Jul 2025 04:10:56 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --9bd7a07b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lms.americancenter.me"] [uri "/.env.development"] [unique_id "aIWKr6NZBKS0rtj_BfubVgAAAIA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/lms.americancenter.me/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753582255613274 549934 (- - -) Stopwatch2: 1753582255613274 549934; combined=2679, p1=547, p2=2006, p3=0, p4=0, p5=126, sr=202, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9bd7a07b-Z-- --7dfbd421-A-- [27/Jul/2025:05:10:57.028202 +0300] aIWKsKNZBKS0rtj_BfubXQAAAI0 185.177.72.10 36714 127.0.0.1 7081 --7dfbd421-B-- GET /.env.prod HTTP/1.0 Host: lms.americancenter.me X-Real-IP: 185.177.72.10 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --7dfbd421-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.29 Cache-Control: no-cache, private pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6IlI3QVpmVFY5Wk41enIyWmFYWUhrUmc9PSIsInZhbHVlIjoiNUV3Wlk0MHJmNmlqeHNiaE0vYWZoYUQwNE0yaXZZRUhmRkZiNW1KcUFMenhMemN4OU1zYWpZcWZwMklDMW1qTnQ3dlY3V0lEWTZhNHhpNDlueGdVQjMvODBkbjFKdk1nNmJUczdDQmU2STBtOHBHL0VNVGJGcFZzc3I1TEhFRzAiLCJtYWMiOiI1ZGI3ZTZjZDA1MmQyNzdhYmZkYjAzNTNhNzk5ZGI5NDRmMDIzNTVjZjdlOWVhZmVlYTcwNjQ0YmYwNTdlYzA4IiwidGFnIjoiIn0%3D; expires=Sun, 27 Jul 2025 04:10:57 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: laravel_session=eyJpdiI6IlJCTy9NMTMvZWxHT3hBcm92eEl0R3c9PSIsInZhbHVlIjoidFhEUFM1ZFR6aTRJam5GTllnQkF2cGRUZFhRR2dLZE1tRXhGUENIMyt5WVVnMG1RcFdHbURtam1rTTAzU0wwVlRXRHNMeTRRdzNHUThYZ3NxV0N3aGovRGJSaWFvYVRVR1BQMnpBSGZwNXVGSjRVVmFHYVpxOU1YRmM1cFNUeEoiLCJtYWMiOiI4NzkxM2NlZWVjM2ZjZWFiYTUxZTMzYTUxMzNhZDZhYzlhMTI0YmI3NmE1ZWI3MjlkZWEwNGZiMDQwNWQ4NzFhIiwidGFnIjoiIn0%3D; expires=Sun, 27 Jul 2025 04:10:57 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --7dfbd421-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lms.americancenter.me"] [uri "/.env.prod"] [unique_id "aIWKsKNZBKS0rtj_BfubXQAAAI0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/lms.americancenter.me/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753582256393154 635133 (- - -) Stopwatch2: 1753582256393154 635133; combined=2566, p1=724, p2=1736, p3=0, p4=0, p5=105, sr=284, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7dfbd421-Z-- --d3e63314-A-- [27/Jul/2025:05:10:57.840828 +0300] aIWKsaNZBKS0rtj_BfubaAAAAIw 185.177.72.10 36816 127.0.0.1 7081 --d3e63314-B-- GET /.env.production HTTP/1.0 Host: lms.americancenter.me X-Real-IP: 185.177.72.10 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d3e63314-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.29 Cache-Control: no-cache, private pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6InVGRk05dGFvZ2o4aUZWUy9wQlljcFE9PSIsInZhbHVlIjoibk1TKzBPMVJBNlZ5Rk13UzlRWTh5NkN3TmJvdEQzWTN6bDVPOG05RHlkc3h0a01oNXpvNlFSR3VaYWN0bnJhTGRpSmc1T1lPc1o3Sm4zczZVdE9sTC9uM0xLUUE0cGtQR0hxVjJNeW9Cb1grZnN0T3hRUjgrazZ4UzcvWkVwSEUiLCJtYWMiOiIyNWRlNTkxNDI5OTY2NzJkNTllYjkzZDFmOTQ4NWQxOWY2OWZlMmE0ODk0MWRkNzEzYmJhMTkxZGZkYjg1Y2I4IiwidGFnIjoiIn0%3D; expires=Sun, 27 Jul 2025 04:10:57 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: laravel_session=eyJpdiI6ImsrTGpNZkRlby9FUDFPb001RGYvZHc9PSIsInZhbHVlIjoiQ2hiSlNDakw3Q3RBaSsvSE9BODJ4ZklVbWtMWlpNeHdBTWVNQzNYTU1HWjRJVWNyc1pWTzIyZTQ0bWI1ZnVDdmhCRG4yMldhdjE0VGxaRG1pOVpuMlJaNTlFOFNLUUt4eTBwbExHWnR0WlhYMGl6aVg3Uk9zaWhiZ3lybjF3NWwiLCJtYWMiOiI0Y2U5NmViMDZkOWRkM2Y3ZTU5ZjM1NTJiNDU3NDYwNDJhMTMyYmRkOGI4NGQxM2U0YjZkMjhjMzM2NTU3Mzk2IiwidGFnIjoiIn0%3D; expires=Sun, 27 Jul 2025 04:10:57 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --d3e63314-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lms.americancenter.me"] [uri "/.env.production"] [unique_id "aIWKsaNZBKS0rtj_BfubaAAAAIw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/lms.americancenter.me/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753582257270308 570636 (- - -) Stopwatch2: 1753582257270308 570636; combined=3087, p1=714, p2=2073, p3=0, p4=0, p5=299, sr=173, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d3e63314-Z-- --942d4e1a-A-- [27/Jul/2025:05:22:38.200833 +0300] aIWNbqNZBKS0rtj_BfuvQgAAAIo 45.55.52.107 59558 127.0.0.1 7081 --942d4e1a-B-- GET /php.ini HTTP/1.0 Host: hamomohsen.net X-Real-IP: 45.55.52.107 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Cookie: XSRF-TOKEN=eyJpdiI6ImtkOUR4ODdCWVFyamhQUkNxT3lZOFE9PSIsInZhbHVlIjoiYXdXZngxNWJkKzJZakYyNGJNK0xXV0F3UGEvTzBqaTVpblk1cEpCYlRXTGtCNGVvWUVaNWtaQXk1eDgrck12MWw5Z3JjcGhjQzhkYnQ4bVl1UlgxVWpRZ2lOOG1BbXUxckJCaUM3MEZheGlST0JPSHZKVGUxdXVkN01uRFBEbDQiLCJtYWMiOiI2YTRkYjNiNjZhZjU3YjYyMTY2YTFjZjgyZDBmZGUwMTUyMWU2ZmNjNjE2MTc2NTBmNTQ5YTQ1MmI1ZTdjOTM1IiwidGFnIjoiIn0%3D; hamo_session=eyJpdiI6IjlvVFpwQXZGL0c0eGRJaDBWaUk3VEE9PSIsInZhbHVlIjoickR2OXNiRzE2RVFSdGs2a1RzSUE5aDFUMk8vc0g0QmJsRWR3T1FzNUdzcG9CRmJDVmNYT2xaWHVyL1RNNmN6UlgvY2QzcWc3aTV3eEh5OEowQk80Sk4zbjVuQ2xpUlh4TjFOQmZqbVVpbzBEaFkybHJRVDlNcDY2aHloQ0pqUjkiLCJtYWMiOiJkNGRhNjNkMTYwODAzNzFkNjZiNDM1MWUzY2JkMTAxNjU0ODEzY2VmMjYyNGU5Y2VhODQ0ZGQzYTdkM2UyZmUxIiwidGFnIjoiIn0%3D --942d4e1a-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sat, 25 Jan 2025 18:53:51 GMT ETag: "282-62c8c5d340dc0" Accept-Ranges: bytes Content-Length: 642 --942d4e1a-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||hamomohsen.net|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||hamomohsen.net|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hamomohsen.net"] [uri "/php.ini"] [unique_id "aIWNbqNZBKS0rtj_BfuvQgAAAIo"] Stopwatch: 1753582958186495 14460 (- - -) Stopwatch2: 1753582958186495 14460; combined=3955, p1=492, p2=3319, p3=0, p4=0, p5=144, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --942d4e1a-Z-- --ef360712-A-- [27/Jul/2025:05:26:07.125765 +0300] aIWOPqNZBKS0rtj_Bfu0lwAAAIk 45.55.52.107 46730 127.0.0.1 7081 --ef360712-B-- GET /wp-config.php HTTP/1.0 Host: hamomohsen.net X-Real-IP: 45.55.52.107 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Cookie: XSRF-TOKEN=eyJpdiI6ImtkOUR4ODdCWVFyamhQUkNxT3lZOFE9PSIsInZhbHVlIjoiYXdXZngxNWJkKzJZakYyNGJNK0xXV0F3UGEvTzBqaTVpblk1cEpCYlRXTGtCNGVvWUVaNWtaQXk1eDgrck12MWw5Z3JjcGhjQzhkYnQ4bVl1UlgxVWpRZ2lOOG1BbXUxckJCaUM3MEZheGlST0JPSHZKVGUxdXVkN01uRFBEbDQiLCJtYWMiOiI2YTRkYjNiNjZhZjU3YjYyMTY2YTFjZjgyZDBmZGUwMTUyMWU2ZmNjNjE2MTc2NTBmNTQ5YTQ1MmI1ZTdjOTM1IiwidGFnIjoiIn0%3D; hamo_session=eyJpdiI6IjlvVFpwQXZGL0c0eGRJaDBWaUk3VEE9PSIsInZhbHVlIjoickR2OXNiRzE2RVFSdGs2a1RzSUE5aDFUMk8vc0g0QmJsRWR3T1FzNUdzcG9CRmJDVmNYT2xaWHVyL1RNNmN6UlgvY2QzcWc3aTV3eEh5OEowQk80Sk4zbjVuQ2xpUlh4TjFOQmZqbVVpbzBEaFkybHJRVDlNcDY2aHloQ0pqUjkiLCJtYWMiOiJkNGRhNjNkMTYwODAzNzFkNjZiNDM1MWUzY2JkMTAxNjU0ODEzY2VmMjYyNGU5Y2VhODQ0ZGQzYTdkM2UyZmUxIiwidGFnIjoiIn0%3D --ef360712-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --ef360712-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamomohsen.net"] [uri "/wp-config.php"] [unique_id "aIWOPqNZBKS0rtj_Bfu0lwAAAIk"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753583166843224 282666 (- - -) Stopwatch2: 1753583166843224 282666; combined=5330, p1=846, p2=4246, p3=0, p4=0, p5=237, sr=421, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ef360712-Z-- --c3230b07-A-- [27/Jul/2025:05:27:17.443812 +0300] aIWOhaNZBKS0rtj_Bfu2swAAAJg 13.203.209.99 41122 127.0.0.1 7081 --c3230b07-B-- GET /.env HTTP/1.0 Host: internetlb.com X-Real-IP: 13.203.209.99 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --c3230b07-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 12 Dec 2016 17:20:28 GMT ETag: "405-5437951ed94a5" Accept-Ranges: bytes Content-Length: 1029 Content-Type: text/html --c3230b07-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "internetlb.com"] [uri "/.env"] [unique_id "aIWOhaNZBKS0rtj_Bfu2swAAAJg"] Stopwatch: 1753583237439350 4586 (- - -) Stopwatch2: 1753583237439350 4586; combined=2710, p1=599, p2=2030, p3=0, p4=0, p5=80, sr=204, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c3230b07-Z-- --e7cc2b0d-A-- [27/Jul/2025:05:35:20.319377 +0300] aIWQZTA2J8mc4XeXgIXoigAAAEw 40.78.41.126 40060 127.0.0.1 7081 --e7cc2b0d-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: glamilea.com X-Real-IP: 40.78.41.126 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 referer: http://glamilea.com/wp-login.php sec-fetch-site: same-origin sec-fetch-user: ?1 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate cookie: yay_currency_widget=29035; wordpress_test_cookie=WP%20Cookie%20check --e7cc2b0d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.33 X-Robots-Tag: noindex Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Upgrade: h2,h2c Connection: Upgrade, close Content-Type: application/json; charset=UTF-8 --e7cc2b0d-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "glamilea.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIWQZTA2J8mc4XeXgIXoigAAAEw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753583717920423 2399299 (- - -) Stopwatch2: 1753583717920423 2399299; combined=5090, p1=474, p2=4460, p3=0, p4=0, p5=155, sr=148, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e7cc2b0d-Z-- --22400c7e-A-- [27/Jul/2025:05:36:22.406205 +0300] aIWQpjA2J8mc4XeXgIXpGAAAAEQ 213.209.143.116 53070 127.0.0.1 7081 --22400c7e-B-- GET /.env HTTP/1.0 Host: crm.raqmix.net X-Real-IP: 213.209.143.116 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 accept-encoding: gzip --22400c7e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=4716c2daa10b2891958844446eb78dd3; expires=Sun, 27 Jul 2025 03:37:22 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --22400c7e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crm.raqmix.net"] [uri "/.env"] [unique_id "aIWQpjA2J8mc4XeXgIXpGAAAAEQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/crm.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753583782115499 290812 (- - -) Stopwatch2: 1753583782115499 290812; combined=11721, p1=8897, p2=2661, p3=0, p4=0, p5=162, sr=212, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --22400c7e-Z-- --e41b4378-A-- [27/Jul/2025:05:53:21.863151 +0300] aIWUoTA2J8mc4XeXgIX2JAAAAE8 64.227.70.2 46516 127.0.0.1 7081 --e41b4378-B-- GET /.env HTTP/1.0 Host: www.museduliban.com X-Real-IP: 64.227.70.2 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --e41b4378-F-- HTTP/1.1 503 Service Unavailable Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 18 Mar 2025 01:24:13 GMT ETag: "396-63093c3371a9c" Accept-Ranges: bytes Content-Length: 918 Content-Type: text/html --e41b4378-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.museduliban.com"] [uri "/.env"] [unique_id "aIWUoTA2J8mc4XeXgIX2JAAAAE8"] Stopwatch: 1753584801854144 9091 (- - -) Stopwatch2: 1753584801854144 9091; combined=8123, p1=8046, p2=0, p3=0, p4=0, p5=77, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e41b4378-Z-- --2db7cf24-A-- [27/Jul/2025:05:53:22.065085 +0300] aIWUoqNZBKS0rtj_BfvheAAAAIc 64.227.70.2 46548 127.0.0.1 7081 --2db7cf24-B-- GET /.git/config HTTP/1.0 Host: www.museduliban.com X-Real-IP: 64.227.70.2 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --2db7cf24-F-- HTTP/1.1 503 Service Unavailable Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 18 Mar 2025 01:24:13 GMT ETag: "396-63093c3371a9c" Accept-Ranges: bytes Content-Length: 918 Content-Type: text/html --2db7cf24-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.museduliban.com"] [uri "/.git/config"] [unique_id "aIWUoqNZBKS0rtj_BfvheAAAAIc"] Stopwatch: 1753584802063684 1512 (- - -) Stopwatch2: 1753584802063684 1512; combined=740, p1=645, p2=0, p3=0, p4=0, p5=95, sr=166, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2db7cf24-Z-- --d23ffc3b-A-- [27/Jul/2025:05:54:28.935330 +0300] aIWU5FeG06QUq9l42nZPgAAAAAw 195.178.110.68 56842 127.0.0.1 7081 --d23ffc3b-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --d23ffc3b-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --d23ffc3b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWU5FeG06QUq9l42nZPgAAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753584868915996 19517 (- - -) Stopwatch2: 1753584868915996 19517; combined=11099, p1=8399, p2=2574, p3=0, p4=0, p5=126, sr=148, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d23ffc3b-Z-- --020e2f54-A-- [27/Jul/2025:05:54:28.936130 +0300] aIWU5FeG06QUq9l42nZPgQAAAA8 195.178.110.68 56854 127.0.0.1 7081 --020e2f54-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --020e2f54-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --020e2f54-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWU5FeG06QUq9l42nZPgQAAAA8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753584868921037 15162 (- - -) Stopwatch2: 1753584868921037 15162; combined=5607, p1=3362, p2=2148, p3=0, p4=0, p5=97, sr=160, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --020e2f54-Z-- --87df1839-A-- [27/Jul/2025:05:54:29.319298 +0300] aIWU5YPNf5P2DoUqNUxDZAAAAJE 195.178.110.68 56906 127.0.0.1 7081 --87df1839-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Referer: http://restopos.raqmix.net/.git/config Accept-Encoding: gzip --87df1839-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --87df1839-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWU5YPNf5P2DoUqNUxDZAAAAJE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753584869303855 15588 (- - -) Stopwatch2: 1753584869303855 15588; combined=6675, p1=705, p2=5867, p3=0, p4=0, p5=102, sr=240, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --87df1839-Z-- --2ed1f447-A-- [27/Jul/2025:05:54:29.372474 +0300] aIWU5VeG06QUq9l42nZPhQAAABI 195.178.110.68 56922 127.0.0.1 7081 --2ed1f447-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Referer: http://restopos.raqmix.net/.git/config Accept-Encoding: gzip --2ed1f447-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --2ed1f447-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWU5VeG06QUq9l42nZPhQAAABI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753584869360214 12332 (- - -) Stopwatch2: 1753584869360214 12332; combined=2996, p1=528, p2=2313, p3=0, p4=0, p5=154, sr=155, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2ed1f447-Z-- --13efc735-A-- [27/Jul/2025:05:54:40.789999 +0300] aIWU8FeG06QUq9l42nZP1wAAAAE 93.123.109.64 54712 127.0.0.1 7081 --13efc735-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --13efc735-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --13efc735-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWU8FeG06QUq9l42nZP1wAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753584880774470 15592 (- - -) Stopwatch2: 1753584880774470 15592; combined=6913, p1=485, p2=6325, p3=0, p4=0, p5=102, sr=136, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --13efc735-Z-- --be4b7b75-A-- [27/Jul/2025:05:54:43.687015 +0300] aIWU81eG06QUq9l42nZP7gAAAAI 139.59.143.102 60482 127.0.0.1 7081 --be4b7b75-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D""+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 139.59.143.102 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 164 User-Agent: Go-http-client/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip --be4b7b75-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --be4b7b75-H-- Message: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||restopos.raqmix.net|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions="" \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||restopos.raqmix.net|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd cgi.force_redirect=0 \\\\x5cxadd disable_functions=\\\\x22\\\\x22 \\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions=\\\\x22\\\\x22 \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "restopos.raqmix.net"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aIWU81eG06QUq9l42nZP7gAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753584883646494 40590 (- - -) Stopwatch2: 1753584883646494 40590; combined=30134, p1=596, p2=29351, p3=0, p4=0, p5=187, sr=184, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --be4b7b75-Z-- --7c873145-A-- [27/Jul/2025:05:54:46.384849 +0300] aIWU9leG06QUq9l42nZQAgAAAAg 139.59.143.102 60828 127.0.0.1 7081 --7c873145-B-- GET /.env HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 139.59.143.102 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --7c873145-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --7c873145-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.env"] [unique_id "aIWU9leG06QUq9l42nZQAgAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753584886372211 12714 (- - -) Stopwatch2: 1753584886372211 12714; combined=3420, p1=680, p2=2513, p3=0, p4=0, p5=226, sr=180, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7c873145-Z-- --34e8746b-A-- [27/Jul/2025:05:54:46.577292 +0300] aIWU9oPNf5P2DoUqNUxDowAAAIw 139.59.143.102 60878 127.0.0.1 7081 --34e8746b-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 139.59.143.102 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --34e8746b-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --34e8746b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWU9oPNf5P2DoUqNUxDowAAAIw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753584886564152 13227 (- - -) Stopwatch2: 1753584886564152 13227; combined=3181, p1=687, p2=2394, p3=0, p4=0, p5=100, sr=261, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --34e8746b-Z-- --ddbfaf40-A-- [27/Jul/2025:05:55:56.950863 +0300] aIWVPFeG06QUq9l42nZSDQAAAA8 93.123.109.64 38304 127.0.0.1 7081 --ddbfaf40-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 11; GM1910) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --ddbfaf40-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --ddbfaf40-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWVPFeG06QUq9l42nZSDQAAAA8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753584956920466 30500 (- - -) Stopwatch2: 1753584956920466 30500; combined=3230, p1=628, p2=2387, p3=0, p4=0, p5=215, sr=206, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ddbfaf40-Z-- --3e3ee04c-A-- [27/Jul/2025:05:56:23.361839 +0300] aIWVV1eG06QUq9l42nZTCwAAAAQ 93.123.109.64 49566 127.0.0.1 7081 --3e3ee04c-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Adobe Application Manager 2.0 Accept-Charset: utf-8 Accept-Encoding: gzip --3e3ee04c-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --3e3ee04c-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWVV1eG06QUq9l42nZTCwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753584983340378 21563 (- - -) Stopwatch2: 1753584983340378 21563; combined=3004, p1=656, p2=2192, p3=0, p4=0, p5=156, sr=177, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3e3ee04c-Z-- --ae311f5b-A-- [27/Jul/2025:05:57:43.480023 +0300] aIWVp1eG06QUq9l42nZV-gAAABI 195.178.110.68 34422 127.0.0.1 7081 --ae311f5b-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --ae311f5b-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --ae311f5b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWVp1eG06QUq9l42nZV-gAAABI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753585063468866 11238 (- - -) Stopwatch2: 1753585063468866 11238; combined=2680, p1=600, p2=1986, p3=0, p4=0, p5=93, sr=204, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ae311f5b-Z-- --99b8d334-A-- [27/Jul/2025:05:58:10.355320 +0300] aIWVwleG06QUq9l42nZWZAAAAAA 93.123.109.64 52066 127.0.0.1 7081 --99b8d334-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:14.0) Gecko/20100101 Firefox/14.0.1 Accept-Charset: utf-8 Accept-Encoding: gzip --99b8d334-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --99b8d334-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWVwleG06QUq9l42nZWZAAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753585090340502 14879 (- - -) Stopwatch2: 1753585090340502 14879; combined=3682, p1=609, p2=2959, p3=0, p4=0, p5=114, sr=170, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --99b8d334-Z-- --07209e29-A-- [27/Jul/2025:05:58:56.052778 +0300] aIWV8IPNf5P2DoUqNUxHdgAAAIg 93.123.109.64 53844 127.0.0.1 7081 --07209e29-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Opera/9.80 (Windows NT 5.2; U; en) Presto/2.2.15 Version/10.10 Accept-Charset: utf-8 Accept-Encoding: gzip --07209e29-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --07209e29-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWV8IPNf5P2DoUqNUxHdgAAAIg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753585136030192 22664 (- - -) Stopwatch2: 1753585136030192 22664; combined=2863, p1=611, p2=2133, p3=0, p4=0, p5=118, sr=180, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --07209e29-Z-- --2efa9a6a-A-- [27/Jul/2025:06:06:59.405738 +0300] aIWX04PNf5P2DoUqNUxOFwAAAIA 45.84.107.55 44356 127.0.0.1 7081 --2efa9a6a-B-- GET /web.config HTTP/1.0 Host: webmail.alc.edu.lb X-Real-IP: 45.84.107.55 Connection: close User-Agent: Mozilla/5.0 (Debian; Linux i686; rv:131.0) Gecko/20100101 Firefox/131.0 Accept: */* Accept-Language: en Accept-Encoding: gzip --2efa9a6a-F-- HTTP/1.1 404 Not Found Content-Length: 265 Connection: close Content-Type: text/html; charset=iso-8859-1 --2efa9a6a-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.alc.edu.lb"] [uri "/web.config"] [unique_id "aIWX04PNf5P2DoUqNUxOFwAAAIA"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "webmail.alc.edu.lb"] [uri "/web.config"] [unique_id "aIWX04PNf5P2DoUqNUxOFwAAAIA"] Stopwatch: 1753585619400741 5184 (- - -) Stopwatch2: 1753585619400741 5184; combined=3087, p1=602, p2=2248, p3=28, p4=43, p5=165, sr=166, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2efa9a6a-Z-- --29492151-A-- [27/Jul/2025:06:08:21.863013 +0300] aIWYJVeG06QUq9l42nZonAAAABY 185.177.72.201 39612 127.0.0.1 7081 --29492151-B-- GET /info.php.bak HTTP/1.0 Host: test.own-dev.com X-Real-IP: 185.177.72.201 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --29492151-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --29492151-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||test.own-dev.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||test.own-dev.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "test.own-dev.com"] [uri "/info.php.bak"] [unique_id "aIWYJVeG06QUq9l42nZonAAAABY"] Stopwatch: 1753585701597291 265802 (- - -) Stopwatch2: 1753585701597291 265802; combined=8110, p1=540, p2=7381, p3=55, p4=42, p5=91, sr=158, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --29492151-Z-- --417b5c38-A-- [27/Jul/2025:06:08:26.611011 +0300] aIWYKoPNf5P2DoUqNUxPXgAAAJg 185.177.72.201 39908 127.0.0.1 7081 --417b5c38-B-- GET /phpinfo.php.bak HTTP/1.0 Host: test.own-dev.com X-Real-IP: 185.177.72.201 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --417b5c38-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --417b5c38-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||test.own-dev.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||test.own-dev.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "test.own-dev.com"] [uri "/phpinfo.php.bak"] [unique_id "aIWYKoPNf5P2DoUqNUxPXgAAAJg"] Stopwatch: 1753585706342775 268310 (- - -) Stopwatch2: 1753585706342775 268310; combined=2820, p1=541, p2=2087, p3=59, p4=43, p5=90, sr=168, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --417b5c38-Z-- --e586cb4a-A-- [27/Jul/2025:06:08:27.645744 +0300] aIWYK1eG06QUq9l42nZo7AAAAAY 185.177.72.201 40060 127.0.0.1 7081 --e586cb4a-B-- GET /.env.bak HTTP/1.0 Host: test.own-dev.com X-Real-IP: 185.177.72.201 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --e586cb4a-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --e586cb4a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||test.own-dev.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.env.bak"] [unique_id "aIWYK1eG06QUq9l42nZo7AAAAAY"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||test.own-dev.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "test.own-dev.com"] [uri "/.env.bak"] [unique_id "aIWYK1eG06QUq9l42nZo7AAAAAY"] Stopwatch: 1753585707375855 269991 (- - -) Stopwatch2: 1753585707375855 269991; combined=4236, p1=836, p2=3044, p3=112, p4=55, p5=187, sr=215, sw=2, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e586cb4a-Z-- --8e0ba952-A-- [27/Jul/2025:06:08:27.989080 +0300] aIWYK4PNf5P2DoUqNUxPYwAAAJM 185.177.72.201 40124 127.0.0.1 7081 --8e0ba952-B-- GET /.env HTTP/1.0 Host: test.own-dev.com X-Real-IP: 185.177.72.201 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --8e0ba952-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --8e0ba952-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.env"] [unique_id "aIWYK4PNf5P2DoUqNUxPYwAAAJM"] Stopwatch: 1753585707703820 285349 (- - -) Stopwatch2: 1753585707703820 285349; combined=2890, p1=569, p2=2105, p3=67, p4=55, p5=94, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8e0ba952-Z-- --e68f3c1b-A-- [27/Jul/2025:06:08:28.342433 +0300] aIWYLFeG06QUq9l42nZo9AAAAAw 185.177.72.201 40176 127.0.0.1 7081 --e68f3c1b-B-- GET /.env.backup HTTP/1.0 Host: test.own-dev.com X-Real-IP: 185.177.72.201 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --e68f3c1b-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --e68f3c1b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||test.own-dev.com|F|2"] [data ".env.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.env.backup"] [unique_id "aIWYLFeG06QUq9l42nZo9AAAAAw"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||test.own-dev.com|F|2"] [data ".env.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "test.own-dev.com"] [uri "/.env.backup"] [unique_id "aIWYLFeG06QUq9l42nZo9AAAAAw"] Stopwatch: 1753585708050388 292131 (- - -) Stopwatch2: 1753585708050388 292131; combined=3405, p1=668, p2=2370, p3=71, p4=54, p5=241, sr=167, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e68f3c1b-Z-- --875dc737-A-- [27/Jul/2025:06:08:28.739313 +0300] aIWYLFeG06QUq9l42nZo-QAAAAU 185.177.72.201 40246 127.0.0.1 7081 --875dc737-B-- GET /.env_sample HTTP/1.0 Host: test.own-dev.com X-Real-IP: 185.177.72.201 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --875dc737-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --875dc737-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.env_sample"] [unique_id "aIWYLFeG06QUq9l42nZo-QAAAAU"] Stopwatch: 1753585708400548 338855 (- - -) Stopwatch2: 1753585708400548 338855; combined=3095, p1=654, p2=2225, p3=43, p4=33, p5=140, sr=173, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --875dc737-Z-- --4ab9f02c-A-- [27/Jul/2025:06:08:29.068457 +0300] aIWYLFeG06QUq9l42nZo_gAAAA4 185.177.72.201 40314 127.0.0.1 7081 --4ab9f02c-B-- GET /.env.old HTTP/1.0 Host: test.own-dev.com X-Real-IP: 185.177.72.201 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --4ab9f02c-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --4ab9f02c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||test.own-dev.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.env.old"] [unique_id "aIWYLFeG06QUq9l42nZo_gAAAA4"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||test.own-dev.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "test.own-dev.com"] [uri "/.env.old"] [unique_id "aIWYLFeG06QUq9l42nZo_gAAAA4"] Stopwatch: 1753585708800986 267535 (- - -) Stopwatch2: 1753585708800986 267535; combined=3678, p1=642, p2=2825, p3=51, p4=38, p5=122, sr=189, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4ab9f02c-Z-- --cd44e747-A-- [27/Jul/2025:06:30:39.884680 +0300] aIWdX1eG06QUq9l42naPBwAAAAY 45.131.195.23 55770 127.0.0.1 7081 --cd44e747-B-- GET /.git/config HTTP/1.0 Host: hamomohsen.net X-Real-IP: 45.131.195.23 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozila/5.0 Referer: http://hamomohsen.net/.git/config Accept-Encoding: gzip --cd44e747-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --cd44e747-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamomohsen.net"] [uri "/.git/config"] [unique_id "aIWdX1eG06QUq9l42naPBwAAAAY"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753587039648831 235951 (- - -) Stopwatch2: 1753587039648831 235951; combined=2875, p1=748, p2=2029, p3=0, p4=0, p5=97, sr=256, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cd44e747-Z-- --9981c278-A-- [27/Jul/2025:06:33:04.100274 +0300] aIWd7VeG06QUq9l42naTgQAAAAw 219.118.65.30 47126 127.0.0.1 7081 --9981c278-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: glamilea.com X-Real-IP: 219.118.65.30 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-mode: navigate sec-fetch-site: same-origin sec-fetch-user: ?1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 referer: http://glamilea.com/wp-login.php accept-encoding: gzip, deflate, br upgrade-insecure-requests: 1 sec-fetch-dest: document accept-language: en-US,en;q=0.5 cookie: yay_currency_widget=29035; wordpress_test_cookie=WP%20Cookie%20check --9981c278-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.33 X-Robots-Tag: noindex Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Upgrade: h2,h2c Connection: Upgrade, close Content-Type: application/json; charset=UTF-8 --9981c278-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "glamilea.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIWd7VeG06QUq9l42naTgQAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753587181578826 2521599 (- - -) Stopwatch2: 1753587181578826 2521599; combined=4669, p1=654, p2=3892, p3=0, p4=0, p5=123, sr=179, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9981c278-Z-- --2c4d942c-A-- [27/Jul/2025:06:35:12.073056 +0300] aIWecIPNf5P2DoUqNUxmlgAAAI8 204.8.96.167 45816 127.0.0.1 7081 --2c4d942c-B-- GET /web.config HTTP/1.0 Host: www.alc.edu.lb X-Forwarded-Http-Host: www.alc.edu.lb:443 X-Real-IP: 204.8.96.167 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063 Accept: */* Accept-Language: en Accept-Encoding: gzip --2c4d942c-F-- HTTP/1.1 301 Moved Permanently Location: https://www.alcsys.odoo.com/web.config Content-Length: 311 Connection: close Content-Type: text/html; charset=iso-8859-1 --2c4d942c-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.alc.edu.lb"] [uri "/web.config"] [unique_id "aIWecIPNf5P2DoUqNUxmlgAAAI8"] Stopwatch: 1753587312071917 1220 (- - -) Stopwatch2: 1753587312071917 1220; combined=763, p1=615, p2=0, p3=31, p4=50, p5=67, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2c4d942c-Z-- --0d65ed33-A-- [27/Jul/2025:06:41:17.988002 +0300] aIWf24PNf5P2DoUqNUxsGwAAAJY 65.55.210.93 39650 127.0.0.1 7081 --0d65ed33-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: opalparis.store X-Real-IP: 65.55.210.93 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 493 user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/136.0.0.0 Safari/537.36 content-type: text/plain;charset=UTF-8 accept: */* origin: https://opalparis.store sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://opalparis.store/ accept-encoding: gzip, deflate, br, zstd priority: u=1, i cookie: sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2025-07-27%2003%3A41%3A15%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2025-07-27%2003%3A41%3A15%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%3B%20compatible%3B%20bingbot%2F2.0%3B%20%2Bhttp%3A%2F%2Fwww.bing.com%2Fbingbot.htm%29%20Chrome%2F136.0.0.0%20Safari%2F537.36; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fopalparis.store%2F; _fbp=fb.1.1753587675493.506275621789730870 --0d65ed33-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://opalparis.store Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: PHPSESSID=10li2lto6679dhjm24un9kvbji; expires=Sat, 25 Oct 2025 03:41:17 GMT; Max-Age=7776000; path=/; domain=opalparis.store; HttpOnly; SameSite=lax Upgrade: h2,h2c Connection: Upgrade, close Content-Length: 0 Content-Type: text/html; charset=UTF-8 --0d65ed33-E-- --0d65ed33-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "opalparis.store"] [uri "/"] [unique_id "aIWf24PNf5P2DoUqNUxsGwAAAJY"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "opalparis.store"] [uri "/index.php"] [unique_id "aIWf24PNf5P2DoUqNUxsGwAAAJY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/opalparis.store/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753587675831599 2156645 (- - -) Stopwatch2: 1753587675831599 2156645; combined=8284, p1=799, p2=7071, p3=177, p4=52, p5=185, sr=132, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0d65ed33-Z-- --db1afa54-A-- [27/Jul/2025:06:43:31.479566 +0300] aIWgY4PNf5P2DoUqNUxuEgAAAIY 195.178.110.68 47674 127.0.0.1 7081 --db1afa54-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --db1afa54-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --db1afa54-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWgY4PNf5P2DoUqNUxuEgAAAIY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753587811446075 33589 (- - -) Stopwatch2: 1753587811446075 33589; combined=3280, p1=1193, p2=1962, p3=0, p4=0, p5=124, sr=138, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --db1afa54-Z-- --692eed11-A-- [27/Jul/2025:06:43:31.632927 +0300] aIWgY4PNf5P2DoUqNUxuEwAAAI4 195.178.110.68 47684 127.0.0.1 7081 --692eed11-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Referer: http://restopos.raqmix.net/.git/config Accept-Encoding: gzip --692eed11-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --692eed11-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWgY4PNf5P2DoUqNUxuEwAAAI4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753587811619380 13608 (- - -) Stopwatch2: 1753587811619380 13608; combined=2993, p1=674, p2=2222, p3=0, p4=0, p5=97, sr=186, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --692eed11-Z-- --c6cc6d38-A-- [27/Jul/2025:06:43:31.761094 +0300] aIWgY4PNf5P2DoUqNUxuFAAAAJE 195.178.110.68 47692 127.0.0.1 7081 --c6cc6d38-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Referer: http://restopos.raqmix.net/.git/config Accept-Encoding: gzip --c6cc6d38-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --c6cc6d38-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWgY4PNf5P2DoUqNUxuFAAAAJE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753587811745940 15293 (- - -) Stopwatch2: 1753587811745940 15293; combined=3822, p1=679, p2=3008, p3=0, p4=0, p5=134, sr=166, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c6cc6d38-Z-- --a3328620-A-- [27/Jul/2025:06:43:47.542618 +0300] aIWgc4PNf5P2DoUqNUxuSwAAAI8 93.123.109.64 47128 127.0.0.1 7081 --a3328620-B-- GET /.git/config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Fennec/2.0.1 Accept-Charset: utf-8 Accept-Encoding: gzip --a3328620-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --a3328620-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/config"] [unique_id "aIWgc4PNf5P2DoUqNUxuSwAAAI8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753587827520181 22502 (- - -) Stopwatch2: 1753587827520181 22502; combined=2726, p1=554, p2=2068, p3=0, p4=0, p5=104, sr=167, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a3328620-Z-- --b43d082b-A-- [27/Jul/2025:06:58:31.350475 +0300] aIWj5IPNf5P2DoUqNUx7DAAAAIg 52.172.227.153 43780 127.0.0.1 7081 --b43d082b-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: glamilea.com X-Real-IP: 52.172.227.153 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br upgrade-insecure-requests: 1 sec-fetch-mode: navigate user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 referer: http://glamilea.com/wp-login.php sec-fetch-dest: document sec-fetch-site: same-origin sec-fetch-user: ?1 cookie: yay_currency_widget=29035; wordpress_test_cookie=WP%20Cookie%20check --b43d082b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.33 X-Robots-Tag: noindex Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Upgrade: h2,h2c Connection: Upgrade, close Content-Type: application/json; charset=UTF-8 --b43d082b-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "glamilea.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIWj5IPNf5P2DoUqNUx7DAAAAIg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753588708120420 3230250 (- - -) Stopwatch2: 1753588708120420 3230250; combined=3290, p1=552, p2=2622, p3=0, p4=0, p5=115, sr=152, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b43d082b-Z-- --1ee9905e-A-- [27/Jul/2025:07:09:35.943192 +0300] aIWmf4PNf5P2DoUqNUyEZQAAAII 45.55.52.107 55090 127.0.0.1 7081 --1ee9905e-B-- GET /components/com_hdflvplayer/hdflvplayer/download.php?f=../../../configuration.php HTTP/1.0 Host: hamomohsen.net X-Real-IP: 45.55.52.107 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Cookie: XSRF-TOKEN=eyJpdiI6IkF4Q3FESDJ0SjczSDlvYUl2YXhDRHc9PSIsInZhbHVlIjoiTnBxcFdaeE1zcVVhdHl0NTkwaWlYNm1NTjJzSDAxTElXRXAwOXJCVDlSQW9vRXNEbjJmbzBQMjA3aWdvVDBvMGMyemVzUkhUWUFINUZJc1FIWWYyOTk4bjFHNkZ0YytTNGx4U1pibTUyMVJtdWtUQmVHVjVnd0xoUktxQnh6QmQiLCJtYWMiOiI5ODM1ZDgzNDY2MWE1NmZlYWU5YjNlYjIwYmM1YTQwNzJkNjJmM2MwMDg3ZjBkMTRmOTgwZjlmOWM1Nzg3N2NlIiwidGFnIjoiIn0%3D; hamo_session=eyJpdiI6IngvZGFHSFhNL0dxSUZhZXN6R0I5QWc9PSIsInZhbHVlIjoiMHR3SUc1UDErWUxNVGI5WkdCTkoxTUNuOFZpbTVFendodHlRQVhEdkszV1M0bXpSYkdlUkVIL0ovVkdHWUZQSkVETWZSTnZtbUFIWE1zVGVtdjF5YnAvRlJZeU5SRTNLMXcvdFhNbC9CTkVBdG5PMmJ0YVRaQmxGZUtkb01jb1QiLCJtYWMiOiJjODY2YzVlZWIxMDhjM2IyODYyYzFhMmZkOWUxYmIxNDZkYzM5MDliZDM1YTZkMzRhODAxN2JiNjcxMmU1OTAzIiwidGFnIjoiIn0%3D --1ee9905e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --1ee9905e-H-- Message: Warning. Matched phrase "/configuration.php" at ARGS:f. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||hamomohsen.net|F|2"] [data "Matched Data: /configuration.php found within ARGS:f: ../../../configuration.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/configuration.php" at ARGS:f. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||hamomohsen.net|F|2"] [data "Matched Data: /configuration.php found within ARGS:f: ../../../configuration.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "hamomohsen.net"] [uri "/components/com_hdflvplayer/hdflvplayer/download.php"] [unique_id "aIWmf4PNf5P2DoUqNUyEZQAAAII"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753589375711296 232027 (- - -) Stopwatch2: 1753589375711296 232027; combined=4967, p1=592, p2=4185, p3=0, p4=0, p5=189, sr=229, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1ee9905e-Z-- --bdd1e458-A-- [27/Jul/2025:07:10:11.102162 +0300] aIWmo1eG06QUq9l42nbW5wAAAAw 167.172.65.184 37494 127.0.0.1 7081 --bdd1e458-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: test.jinansystem.com X-Real-IP: 167.172.65.184 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 32 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Accept-Encoding: gzip, deflate Accept: */* Content-Type: text/html --bdd1e458-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --bdd1e458-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||test.jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|test.jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||test.jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "test.jinansystem.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIWmo1eG06QUq9l42nbW5wAAAAw"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|test.jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "test.jinansystem.com"] [uri "/error_docs/not_found.html"] [unique_id "aIWmo1eG06QUq9l42nbW5wAAAAw"] Stopwatch: 1753589411093521 8839 (- - -) Stopwatch2: 1753589411093521 8839; combined=5276, p1=618, p2=4462, p3=0, p4=0, p5=195, sr=131, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bdd1e458-Z-- --927d3d78-A-- [27/Jul/2025:07:10:12.183277 +0300] aIWmpFeG06QUq9l42nbW8wAAABQ 167.172.65.184 37636 127.0.0.1 7081 --927d3d78-B-- POST /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: test.jinansystem.com X-Real-IP: 167.172.65.184 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 32 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Accept-Encoding: gzip, deflate Accept: */* Content-Type: text/html --927d3d78-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --927d3d78-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||test.jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|test.jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||test.jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "test.jinansystem.com"] [uri "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIWmpFeG06QUq9l42nbW8wAAABQ"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|test.jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "test.jinansystem.com"] [uri "/error_docs/not_found.html"] [unique_id "aIWmpFeG06QUq9l42nbW8wAAABQ"] Stopwatch: 1753589412178260 5240 (- - -) Stopwatch2: 1753589412178260 5240; combined=3036, p1=637, p2=2258, p3=0, p4=0, p5=141, sr=157, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --927d3d78-Z-- --4dab8521-A-- [27/Jul/2025:07:10:13.616830 +0300] aIWmpVeG06QUq9l42nbXAAAAAAE 167.172.65.184 60378 127.0.0.1 7081 --4dab8521-B-- POST /app/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: test.jinansystem.com X-Real-IP: 167.172.65.184 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 32 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Accept-Encoding: gzip, deflate Accept: */* Content-Type: text/html --4dab8521-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --4dab8521-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||test.jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|test.jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||test.jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "test.jinansystem.com"] [uri "/app/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIWmpVeG06QUq9l42nbXAAAAAAE"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|test.jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "test.jinansystem.com"] [uri "/error_docs/not_found.html"] [unique_id "aIWmpVeG06QUq9l42nbXAAAAAAE"] Stopwatch: 1753589413608288 8662 (- - -) Stopwatch2: 1753589413608288 8662; combined=5770, p1=1932, p2=3613, p3=0, p4=0, p5=224, sr=171, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4dab8521-Z-- --b88f9c46-A-- [27/Jul/2025:07:10:14.720964 +0300] aIWmpleG06QUq9l42nbXCgAAABI 167.172.65.184 60526 127.0.0.1 7081 --b88f9c46-B-- POST /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: test.jinansystem.com X-Real-IP: 167.172.65.184 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 32 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Accept-Encoding: gzip, deflate Accept: */* Content-Type: text/html --b88f9c46-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --b88f9c46-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||test.jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|test.jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||test.jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "test.jinansystem.com"] [uri "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIWmpleG06QUq9l42nbXCgAAABI"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|test.jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "test.jinansystem.com"] [uri "/error_docs/not_found.html"] [unique_id "aIWmpleG06QUq9l42nbXCgAAABI"] Stopwatch: 1753589414716234 4809 (- - -) Stopwatch2: 1753589414716234 4809; combined=2875, p1=587, p2=2149, p3=0, p4=0, p5=139, sr=171, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b88f9c46-Z-- --e224b007-A-- [27/Jul/2025:07:10:16.200100 +0300] aIWmqFeG06QUq9l42nbXGgAAABc 167.172.65.184 60744 127.0.0.1 7081 --e224b007-B-- POST /laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: test.jinansystem.com X-Real-IP: 167.172.65.184 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 32 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Accept-Encoding: gzip, deflate Accept: */* Content-Type: text/html --e224b007-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --e224b007-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||test.jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|test.jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||test.jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "test.jinansystem.com"] [uri "/laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIWmqFeG06QUq9l42nbXGgAAABc"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|test.jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "test.jinansystem.com"] [uri "/error_docs/not_found.html"] [unique_id "aIWmqFeG06QUq9l42nbXGgAAABc"] Stopwatch: 1753589416194028 6193 (- - -) Stopwatch2: 1753589416194028 6193; combined=3467, p1=691, p2=2574, p3=0, p4=0, p5=202, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e224b007-Z-- --6cac2f36-A-- [27/Jul/2025:07:20:42.687081 +0300] aIWpGoPNf5P2DoUqNUyOmgAAAIk 40.113.83.124 51090 127.0.0.1 7081 --6cac2f36-B-- GET /wp-content/debug.log HTTP/1.0 Host: specto.agency X-Real-IP: 40.113.83.124 X-Accel-Internal: /internal-nginx-static-location Connection: close --6cac2f36-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 18 Apr 2025 18:03:30 GMT ETag: "328-6331156003af8" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --6cac2f36-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||specto.agency|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||specto.agency|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "specto.agency"] [uri "/wp-content/debug.log"] [unique_id "aIWpGoPNf5P2DoUqNUyOmgAAAIk"] Stopwatch: 1753590042682536 4619 (- - -) Stopwatch2: 1753590042682536 4619; combined=2669, p1=507, p2=2088, p3=0, p4=0, p5=74, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6cac2f36-Z-- --6d865b0e-A-- [27/Jul/2025:07:20:47.929143 +0300] aIWpH1eG06QUq9l42nbq4gAAABE 40.113.83.124 33104 127.0.0.1 7081 --6d865b0e-B-- GET /.git/HEAD HTTP/1.0 Host: specto.agency X-Real-IP: 40.113.83.124 X-Accel-Internal: /internal-nginx-static-location Connection: close --6d865b0e-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 18 Apr 2025 18:03:30 GMT ETag: "328-6331156003af8" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --6d865b0e-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "specto.agency"] [uri "/.git/HEAD"] [unique_id "aIWpH1eG06QUq9l42nbq4gAAABE"] Stopwatch: 1753590047921705 7515 (- - -) Stopwatch2: 1753590047921705 7515; combined=5474, p1=680, p2=1932, p3=0, p4=0, p5=2861, sr=256, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6d865b0e-Z-- --a7bbd62b-A-- [27/Jul/2025:07:29:49.438804 +0300] aIWrO1eG06QUq9l42nb7rgAAAA8 157.230.19.140 56616 127.0.0.1 7081 --a7bbd62b-B-- GET /.env HTTP/1.0 Host: www.opalparis.store X-Real-IP: 157.230.19.140 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --a7bbd62b-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.23 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Upgrade: h2,h2c Connection: Upgrade, close Location: https://opalparis.store/.env Content-Length: 0 Content-Type: text/html; charset=UTF-8 --a7bbd62b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.opalparis.store"] [uri "/.env"] [unique_id "aIWrO1eG06QUq9l42nb7rgAAAA8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/opalparis.store/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753590587698200 1740745 (- - -) Stopwatch2: 1753590587698200 1740745; combined=3223, p1=811, p2=2229, p3=0, p4=0, p5=176, sr=298, sw=7, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a7bbd62b-Z-- --d171db2a-A-- [27/Jul/2025:07:29:51.200894 +0300] aIWrPYPNf5P2DoUqNUyW5wAAAJI 157.230.19.140 56722 127.0.0.1 7081 --d171db2a-B-- GET /.git/config HTTP/1.0 Host: www.opalparis.store X-Real-IP: 157.230.19.140 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --d171db2a-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.23 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Upgrade: h2,h2c Connection: Upgrade, close Location: https://opalparis.store/.git/config Content-Length: 0 Content-Type: text/html; charset=UTF-8 --d171db2a-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.opalparis.store"] [uri "/.git/config"] [unique_id "aIWrPYPNf5P2DoUqNUyW5wAAAJI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/opalparis.store/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753590589600609 1600360 (- - -) Stopwatch2: 1753590589600609 1600360; combined=2457, p1=545, p2=1734, p3=0, p4=0, p5=177, sr=146, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d171db2a-Z-- --f8ba7875-A-- [27/Jul/2025:07:31:05.714342 +0300] aIWriVeG06QUq9l42nb94AAAAAg 178.128.207.138 48718 127.0.0.1 7081 --f8ba7875-B-- GET /.env HTTP/1.0 Host: www.riyadhchocolate.com X-Real-IP: 178.128.207.138 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --f8ba7875-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --f8ba7875-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.riyadhchocolate.com"] [uri "/.env"] [unique_id "aIWriVeG06QUq9l42nb94AAAAAg"] Stopwatch: 1753590665708683 5743 (- - -) Stopwatch2: 1753590665708683 5743; combined=2623, p1=631, p2=1920, p3=0, p4=0, p5=72, sr=198, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f8ba7875-Z-- --949ab022-A-- [27/Jul/2025:07:31:05.889787 +0300] aIWriVeG06QUq9l42nb94wAAAAc 178.128.207.138 48750 127.0.0.1 7081 --949ab022-B-- GET /.git/config HTTP/1.0 Host: www.riyadhchocolate.com X-Real-IP: 178.128.207.138 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --949ab022-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --949ab022-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.riyadhchocolate.com"] [uri "/.git/config"] [unique_id "aIWriVeG06QUq9l42nb94wAAAAc"] Stopwatch: 1753590665885932 3920 (- - -) Stopwatch2: 1753590665885932 3920; combined=2325, p1=436, p2=1802, p3=0, p4=0, p5=87, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --949ab022-Z-- --270f182d-A-- [27/Jul/2025:07:32:15.155667 +0300] aIWrzleG06QUq9l42nYAEQAAAA4 45.55.52.107 41982 127.0.0.1 7081 --270f182d-B-- GET /images/stories/3xp.php HTTP/1.0 Host: hamomohsen.net X-Real-IP: 45.55.52.107 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Cookie: XSRF-TOKEN=eyJpdiI6InBuT2lJMWVYWE1zOFN6Y3dnTHlBTEE9PSIsInZhbHVlIjoiSjByMEgrMW9wUTNHU0d3aVZwVnQ1Qmx1LzFqMWVqSitZT29TU1M1QXUyVGdXUTk3T0tlclZoTXVWUHY1bHlJbDFSQ2hhaWFwTGYwbEVwNGZXSzRVblppOElnNG1uaHlmSWUzK0lUTE9TaWlYRVVzMjNPaFdjaUlaZW45NzdQRlciLCJtYWMiOiI3N2YwNzNhYzZhY2Q4NzI2ZTRkMmU0YmIyYmI3MDMyNDY2ZDI3ZjJiODk3ODQxZjNiNDkzZjMwNmY0YWE2NTNhIiwidGFnIjoiIn0%3D; hamo_session=eyJpdiI6IjA4U3J2QU9EbW9lOE9oK2ovZUlyWmc9PSIsInZhbHVlIjoiQStlVUw1aEJocHNGeEhhRy9rR3lEWis2dDZUeDR1SUNvVTJ0dUhmVWYzQ2VWTzhtc29XYzFBYWxyTnNtR2toZFZZRE1tcG1Cd3ZuT0t4U3VaUWdMeVBSaHpyN09ESjQwcExUZ3N6OG5yNE9LTXZDOE16R1hsRXQzc2xqQk02SmciLCJtYWMiOiJmMTIyM2U5NTYxNTRjNzM5ZTFhMzc4YzAwNWVlOGRiYmQzMmY5YmU2OWZlMTc0NzkwNDQ3YWJiYzI4YzVmNGQ5IiwidGFnIjoiIn0%3D --270f182d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --270f182d-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||hamomohsen.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||hamomohsen.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "hamomohsen.net"] [uri "/images/stories/3xp.php"] [unique_id "aIWrzleG06QUq9l42nYAEQAAAA4"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753590734916233 239600 (- - -) Stopwatch2: 1753590734916233 239600; combined=5916, p1=787, p2=4969, p3=0, p4=0, p5=159, sr=208, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --270f182d-Z-- --9d486e6e-A-- [27/Jul/2025:07:32:17.121238 +0300] aIWr0FeG06QUq9l42nYAFgAAAAg 45.55.52.107 42056 127.0.0.1 7081 --9d486e6e-B-- GET /images/stories/mas.php HTTP/1.0 Host: hamomohsen.net X-Real-IP: 45.55.52.107 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Cookie: XSRF-TOKEN=eyJpdiI6InBuT2lJMWVYWE1zOFN6Y3dnTHlBTEE9PSIsInZhbHVlIjoiSjByMEgrMW9wUTNHU0d3aVZwVnQ1Qmx1LzFqMWVqSitZT29TU1M1QXUyVGdXUTk3T0tlclZoTXVWUHY1bHlJbDFSQ2hhaWFwTGYwbEVwNGZXSzRVblppOElnNG1uaHlmSWUzK0lUTE9TaWlYRVVzMjNPaFdjaUlaZW45NzdQRlciLCJtYWMiOiI3N2YwNzNhYzZhY2Q4NzI2ZTRkMmU0YmIyYmI3MDMyNDY2ZDI3ZjJiODk3ODQxZjNiNDkzZjMwNmY0YWE2NTNhIiwidGFnIjoiIn0%3D; hamo_session=eyJpdiI6IjA4U3J2QU9EbW9lOE9oK2ovZUlyWmc9PSIsInZhbHVlIjoiQStlVUw1aEJocHNGeEhhRy9rR3lEWis2dDZUeDR1SUNvVTJ0dUhmVWYzQ2VWTzhtc29XYzFBYWxyTnNtR2toZFZZRE1tcG1Cd3ZuT0t4U3VaUWdMeVBSaHpyN09ESjQwcExUZ3N6OG5yNE9LTXZDOE16R1hsRXQzc2xqQk02SmciLCJtYWMiOiJmMTIyM2U5NTYxNTRjNzM5ZTFhMzc4YzAwNWVlOGRiYmQzMmY5YmU2OWZlMTc0NzkwNDQ3YWJiYzI4YzVmNGQ5IiwidGFnIjoiIn0%3D --9d486e6e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --9d486e6e-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||hamomohsen.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||hamomohsen.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "hamomohsen.net"] [uri "/images/stories/mas.php"] [unique_id "aIWr0FeG06QUq9l42nYAFgAAAAg"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753590736856866 264490 (- - -) Stopwatch2: 1753590736856866 264490; combined=9384, p1=3838, p2=5386, p3=0, p4=0, p5=160, sr=147, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9d486e6e-Z-- --cfd83d65-A-- [27/Jul/2025:07:32:18.274812 +0300] aIWr0leG06QUq9l42nYAGQAAABA 45.55.52.107 42098 127.0.0.1 7081 --cfd83d65-B-- GET /images/stories/new.php HTTP/1.0 Host: hamomohsen.net X-Real-IP: 45.55.52.107 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Cookie: XSRF-TOKEN=eyJpdiI6InBuT2lJMWVYWE1zOFN6Y3dnTHlBTEE9PSIsInZhbHVlIjoiSjByMEgrMW9wUTNHU0d3aVZwVnQ1Qmx1LzFqMWVqSitZT29TU1M1QXUyVGdXUTk3T0tlclZoTXVWUHY1bHlJbDFSQ2hhaWFwTGYwbEVwNGZXSzRVblppOElnNG1uaHlmSWUzK0lUTE9TaWlYRVVzMjNPaFdjaUlaZW45NzdQRlciLCJtYWMiOiI3N2YwNzNhYzZhY2Q4NzI2ZTRkMmU0YmIyYmI3MDMyNDY2ZDI3ZjJiODk3ODQxZjNiNDkzZjMwNmY0YWE2NTNhIiwidGFnIjoiIn0%3D; hamo_session=eyJpdiI6IjA4U3J2QU9EbW9lOE9oK2ovZUlyWmc9PSIsInZhbHVlIjoiQStlVUw1aEJocHNGeEhhRy9rR3lEWis2dDZUeDR1SUNvVTJ0dUhmVWYzQ2VWTzhtc29XYzFBYWxyTnNtR2toZFZZRE1tcG1Cd3ZuT0t4U3VaUWdMeVBSaHpyN09ESjQwcExUZ3N6OG5yNE9LTXZDOE16R1hsRXQzc2xqQk02SmciLCJtYWMiOiJmMTIyM2U5NTYxNTRjNzM5ZTFhMzc4YzAwNWVlOGRiYmQzMmY5YmU2OWZlMTc0NzkwNDQ3YWJiYzI4YzVmNGQ5IiwidGFnIjoiIn0%3D --cfd83d65-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --cfd83d65-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||hamomohsen.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||hamomohsen.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "hamomohsen.net"] [uri "/images/stories/new.php"] [unique_id "aIWr0leG06QUq9l42nYAGQAAABA"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753590738010432 264561 (- - -) Stopwatch2: 1753590738010432 264561; combined=3898, p1=558, p2=3160, p3=0, p4=0, p5=179, sr=188, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cfd83d65-Z-- --5236ca14-A-- [27/Jul/2025:07:32:18.798600 +0300] aIWr0oPNf5P2DoUqNUyZCgAAAJI 45.55.52.107 42118 127.0.0.1 7081 --5236ca14-B-- GET /images/stories/seo.php HTTP/1.0 Host: hamomohsen.net X-Real-IP: 45.55.52.107 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Cookie: XSRF-TOKEN=eyJpdiI6InBuT2lJMWVYWE1zOFN6Y3dnTHlBTEE9PSIsInZhbHVlIjoiSjByMEgrMW9wUTNHU0d3aVZwVnQ1Qmx1LzFqMWVqSitZT29TU1M1QXUyVGdXUTk3T0tlclZoTXVWUHY1bHlJbDFSQ2hhaWFwTGYwbEVwNGZXSzRVblppOElnNG1uaHlmSWUzK0lUTE9TaWlYRVVzMjNPaFdjaUlaZW45NzdQRlciLCJtYWMiOiI3N2YwNzNhYzZhY2Q4NzI2ZTRkMmU0YmIyYmI3MDMyNDY2ZDI3ZjJiODk3ODQxZjNiNDkzZjMwNmY0YWE2NTNhIiwidGFnIjoiIn0%3D; hamo_session=eyJpdiI6IjA4U3J2QU9EbW9lOE9oK2ovZUlyWmc9PSIsInZhbHVlIjoiQStlVUw1aEJocHNGeEhhRy9rR3lEWis2dDZUeDR1SUNvVTJ0dUhmVWYzQ2VWTzhtc29XYzFBYWxyTnNtR2toZFZZRE1tcG1Cd3ZuT0t4U3VaUWdMeVBSaHpyN09ESjQwcExUZ3N6OG5yNE9LTXZDOE16R1hsRXQzc2xqQk02SmciLCJtYWMiOiJmMTIyM2U5NTYxNTRjNzM5ZTFhMzc4YzAwNWVlOGRiYmQzMmY5YmU2OWZlMTc0NzkwNDQ3YWJiYzI4YzVmNGQ5IiwidGFnIjoiIn0%3D --5236ca14-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --5236ca14-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||hamomohsen.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||hamomohsen.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "hamomohsen.net"] [uri "/images/stories/seo.php"] [unique_id "aIWr0oPNf5P2DoUqNUyZCgAAAJI"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753590738562680 236067 (- - -) Stopwatch2: 1753590738562680 236067; combined=5019, p1=1529, p2=3299, p3=0, p4=0, p5=189, sr=604, sw=2, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5236ca14-Z-- --0250475c-A-- [27/Jul/2025:07:32:21.194596 +0300] aIWr1FeG06QUq9l42nYAHwAAAA4 45.55.52.107 42206 127.0.0.1 7081 --0250475c-B-- GET /images/stories/x00x.php HTTP/1.0 Host: hamomohsen.net X-Real-IP: 45.55.52.107 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Cookie: XSRF-TOKEN=eyJpdiI6InBuT2lJMWVYWE1zOFN6Y3dnTHlBTEE9PSIsInZhbHVlIjoiSjByMEgrMW9wUTNHU0d3aVZwVnQ1Qmx1LzFqMWVqSitZT29TU1M1QXUyVGdXUTk3T0tlclZoTXVWUHY1bHlJbDFSQ2hhaWFwTGYwbEVwNGZXSzRVblppOElnNG1uaHlmSWUzK0lUTE9TaWlYRVVzMjNPaFdjaUlaZW45NzdQRlciLCJtYWMiOiI3N2YwNzNhYzZhY2Q4NzI2ZTRkMmU0YmIyYmI3MDMyNDY2ZDI3ZjJiODk3ODQxZjNiNDkzZjMwNmY0YWE2NTNhIiwidGFnIjoiIn0%3D; hamo_session=eyJpdiI6IjA4U3J2QU9EbW9lOE9oK2ovZUlyWmc9PSIsInZhbHVlIjoiQStlVUw1aEJocHNGeEhhRy9rR3lEWis2dDZUeDR1SUNvVTJ0dUhmVWYzQ2VWTzhtc29XYzFBYWxyTnNtR2toZFZZRE1tcG1Cd3ZuT0t4U3VaUWdMeVBSaHpyN09ESjQwcExUZ3N6OG5yNE9LTXZDOE16R1hsRXQzc2xqQk02SmciLCJtYWMiOiJmMTIyM2U5NTYxNTRjNzM5ZTFhMzc4YzAwNWVlOGRiYmQzMmY5YmU2OWZlMTc0NzkwNDQ3YWJiYzI4YzVmNGQ5IiwidGFnIjoiIn0%3D --0250475c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --0250475c-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||hamomohsen.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||hamomohsen.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "hamomohsen.net"] [uri "/images/stories/x00x.php"] [unique_id "aIWr1FeG06QUq9l42nYAHwAAAA4"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753590740965211 229471 (- - -) Stopwatch2: 1753590740965211 229471; combined=3772, p1=516, p2=3121, p3=0, p4=0, p5=134, sr=143, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0250475c-Z-- --10ec750c-A-- [27/Jul/2025:07:32:57.822415 +0300] aIWr91eG06QUq9l42nYBYAAAAAc 85.112.201.196 56924 127.0.0.1 7081 --10ec750c-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: glamilea.com X-Real-IP: 85.112.201.196 X-Accel-Internal: /internal-nginx-static-location Connection: close upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br sec-fetch-site: same-origin sec-fetch-user: ?1 referer: http://glamilea.com/wp-login.php cookie: yay_currency_widget=29035; wordpress_test_cookie=WP%20Cookie%20check --10ec750c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.33 X-Robots-Tag: noindex Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Upgrade: h2,h2c Connection: Upgrade, close Content-Type: application/json; charset=UTF-8 --10ec750c-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "glamilea.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIWr91eG06QUq9l42nYBYAAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753590775618149 2204409 (- - -) Stopwatch2: 1753590775618149 2204409; combined=6940, p1=721, p2=6120, p3=0, p4=0, p5=98, sr=268, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --10ec750c-Z-- --7924604b-A-- [27/Jul/2025:07:35:18.385551 +0300] aIWshoPNf5P2DoUqNUybdQAAAJE 88.121.247.92 34060 127.0.0.1 7081 --7924604b-B-- GET /.git/config HTTP/1.0 Host: hamomohsen.net X-Real-IP: 88.121.247.92 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: fasthttp --7924604b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --7924604b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamomohsen.net"] [uri "/.git/config"] [unique_id "aIWshoPNf5P2DoUqNUybdQAAAJE"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753590918119931 265727 (- - -) Stopwatch2: 1753590918119931 265727; combined=8674, p1=3565, p2=4989, p3=0, p4=0, p5=120, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7924604b-Z-- --0bbe687c-A-- [27/Jul/2025:08:04:50.077666 +0300] aIWzcVeG06QUq9l42nY2QwAAAAY 196.251.70.223 39980 127.0.0.1 7081 --0bbe687c-B-- GET /.env HTTP/1.0 Host: sys.ellaith.com X-Real-IP: 196.251.70.223 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --0bbe687c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=4b0a41b6f97944a80f8f1de01a72ae98; expires=Sun, 27 Jul 2025 06:05:50 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --0bbe687c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sys.ellaith.com"] [uri "/.env"] [unique_id "aIWzcVeG06QUq9l42nY2QwAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sys.ellaith.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753592689910136 167733 (- - -) Stopwatch2: 1753592689910136 167733; combined=2957, p1=1032, p2=1807, p3=0, p4=0, p5=116, sr=263, sw=2, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0bbe687c-Z-- --7a00cd0d-A-- [27/Jul/2025:08:06:27.472098 +0300] aIWz04PNf5P2DoUqNUyzbwAAAIE 3.218.145.0 52050 127.0.0.1 7081 --7a00cd0d-B-- GET /.git/config HTTP/1.0 Host: pos.itilebanon.com X-Real-IP: 3.218.145.0 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 YaBrowser/19.7.0.1990 Yowser/2.5 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --7a00cd0d-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2014 11:29:50 GMT ETag: "3bf-4feeec6556780" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --7a00cd0d-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pos.itilebanon.com"] [uri "/.git/config"] [unique_id "aIWz04PNf5P2DoUqNUyzbwAAAIE"] Stopwatch: 1753592787467515 4671 (- - -) Stopwatch2: 1753592787467515 4671; combined=2760, p1=567, p2=2121, p3=0, p4=0, p5=72, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7a00cd0d-Z-- --0eee9773-A-- [27/Jul/2025:08:07:42.513468 +0300] aIW0HleG06QUq9l42nY6ygAAAA8 3.218.145.0 44342 127.0.0.1 7081 --0eee9773-B-- GET /.git/config HTTP/1.0 Host: puriceutix.jac.group X-Real-IP: 3.218.145.0 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/499; U; ru) Presto/2.4.18 Version/10.00 Accept-Charset: utf-8 Accept-Encoding: gzip --0eee9773-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "328-5dfc34833fcce" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --0eee9773-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "puriceutix.jac.group"] [uri "/.git/config"] [unique_id "aIW0HleG06QUq9l42nY6ygAAAA8"] Stopwatch: 1753592862508518 5100 (- - -) Stopwatch2: 1753592862508518 5100; combined=2950, p1=694, p2=2091, p3=0, p4=0, p5=164, sr=184, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0eee9773-Z-- --fd5d622c-A-- [27/Jul/2025:08:17:41.402129 +0300] aIW2dVeG06QUq9l42nZIOAAAAAY 88.80.26.2 51022 127.0.0.1 7081 --fd5d622c-B-- GET /log/production.log HTTP/1.0 Host: webmail.alc.edu.lb X-Real-IP: 88.80.26.2 Connection: close User-Agent: Mozilla/5.0 (ZZ; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0 Accept: */* Accept-Language: en Accept-Encoding: gzip --fd5d622c-F-- HTTP/1.1 404 Not Found Content-Length: 265 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd5d622c-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "webmail.alc.edu.lb"] [uri "/log/production.log"] [unique_id "aIW2dVeG06QUq9l42nZIOAAAAAY"] Stopwatch: 1753593461395881 6367 (- - -) Stopwatch2: 1753593461395881 6367; combined=3674, p1=880, p2=2613, p3=30, p4=44, p5=106, sr=368, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fd5d622c-Z-- --511c5661-A-- [27/Jul/2025:08:17:43.504523 +0300] aIW2d1eG06QUq9l42nZIRwAAABI 88.80.26.2 57770 127.0.0.1 7081 --511c5661-B-- GET /logs/production.log HTTP/1.0 Host: webmail.alc.edu.lb X-Real-IP: 88.80.26.2 Connection: close User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0 Accept: */* Accept-Language: en Accept-Encoding: gzip --511c5661-F-- HTTP/1.1 403 Forbidden Content-Length: 268 Connection: close Content-Type: text/html; charset=iso-8859-1 --511c5661-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "webmail.alc.edu.lb"] [uri "/logs/production.log"] [unique_id "aIW2d1eG06QUq9l42nZIRwAAABI"] Stopwatch: 1753593463497163 7562 (- - -) Stopwatch2: 1753593463497163 7562; combined=5932, p1=3648, p2=2134, p3=27, p4=39, p5=83, sr=150, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --511c5661-Z-- --701bb10d-A-- [27/Jul/2025:08:17:46.868975 +0300] aIW2eleG06QUq9l42nZIagAAABg 45.90.185.116 58216 127.0.0.1 7081 --701bb10d-B-- GET /production.log HTTP/1.0 Host: webmail.alc.edu.lb X-Real-IP: 45.90.185.116 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:137.0) Gecko/20100101 Firefox/137.0 Accept: */* Accept-Language: en Accept-Encoding: gzip --701bb10d-F-- HTTP/1.1 404 Not Found Content-Length: 265 Connection: close Content-Type: text/html; charset=iso-8859-1 --701bb10d-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.alc.edu.lb|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "webmail.alc.edu.lb"] [uri "/production.log"] [unique_id "aIW2eleG06QUq9l42nZIagAAABg"] Stopwatch: 1753593466864136 4938 (- - -) Stopwatch2: 1753593466864136 4938; combined=2954, p1=646, p2=2156, p3=26, p4=40, p5=85, sr=264, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --701bb10d-Z-- --22848206-A-- [27/Jul/2025:08:19:40.861119 +0300] aIW27IPNf5P2DoUqNUy8jAAAAIk 89.213.174.241 44622 127.0.0.1 7081 --22848206-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 89.213.174.241 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --22848206-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --22848206-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riyadhchocolate.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aIW27IPNf5P2DoUqNUy8jAAAAIk"] Stopwatch: 1753593580855965 5289 (- - -) Stopwatch2: 1753593580855965 5289; combined=2967, p1=723, p2=2175, p3=0, p4=0, p5=69, sr=217, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --22848206-Z-- --63f8684b-A-- [27/Jul/2025:08:22:59.328169 +0300] aIW3sleG06QUq9l42nZQfQAAAAo 78.40.176.204 40692 127.0.0.1 7081 --63f8684b-B-- GET /administration/index.php?code=4/0AVMBsJhSptQQzAID2II1POKr-7UN5NrFaiCKESBnVYKDqaknm5vuoZxTysuRBLMSyfEB_g&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=20u2kf8ham8vt3bs6us7s33md2 --63f8684b-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --63f8684b-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIW3sleG06QUq9l42nZQfQAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753593778880208 448153 (- - -) Stopwatch2: 1753593778880208 448153; combined=10604, p1=1900, p2=8354, p3=145, p4=77, p5=127, sr=1502, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --63f8684b-Z-- --7615ed04-A-- [27/Jul/2025:08:24:03.207661 +0300] aIW381eG06QUq9l42nZSlAAAABM 3.218.145.0 48244 127.0.0.1 7081 --7615ed04-B-- GET /.git/config HTTP/1.0 Host: posrest.raqmix.cloud X-Real-IP: 3.218.145.0 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 1.5; fr-fr; GT-I5700 Build/CUPCAKE) AppleWebKit/528.5 (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 Accept-Charset: utf-8 Accept-Encoding: gzip --7615ed04-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 15:42:45 GMT ETag: "328-62a6a8c186eb7" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --7615ed04-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "posrest.raqmix.cloud"] [uri "/.git/config"] [unique_id "aIW381eG06QUq9l42nZSlAAAABM"] Stopwatch: 1753593843202747 5848 (- - -) Stopwatch2: 1753593843202747 5848; combined=2621, p1=586, p2=1933, p3=0, p4=0, p5=102, sr=140, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7615ed04-Z-- --456d1647-A-- [27/Jul/2025:08:42:20.655625 +0300] aIW8PFeG06QUq9l42nZrwgAAABg 196.251.70.223 56892 127.0.0.1 7081 --456d1647-B-- GET /.env HTTP/1.0 Host: test.kime.agency X-Real-IP: 196.251.70.223 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: HTMLParser/1.6 Accept-Charset: utf-8 Accept-Encoding: gzip --456d1647-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 25 Jan 2023 19:33:35 GMT ETag: "328-5f31bb5588323" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --456d1647-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.kime.agency"] [uri "/.env"] [unique_id "aIW8PFeG06QUq9l42nZrwgAAABg"] Stopwatch: 1753594940650242 5522 (- - -) Stopwatch2: 1753594940650242 5522; combined=3507, p1=627, p2=2716, p3=0, p4=0, p5=164, sr=157, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --456d1647-Z-- --6b57867b-A-- [27/Jul/2025:09:06:25.406961 +0300] aIXB4VeG06QUq9l42naMXgAAABM 206.189.225.181 45304 127.0.0.1 7081 --6b57867b-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D""+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: boneless.raqmix.cloud X-Real-IP: 206.189.225.181 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 164 User-Agent: Go-http-client/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip --6b57867b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Access-Control-Allow-Methods: * Access-Control-Allow-Headers: * Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --6b57867b-H-- Message: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||boneless.raqmix.cloud|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions="" \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||boneless.raqmix.cloud|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd cgi.force_redirect=0 \\\\x5cxadd disable_functions=\\\\x22\\\\x22 \\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions=\\\\x22\\\\x22 \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "boneless.raqmix.cloud"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aIXB4VeG06QUq9l42naMXgAAABM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/boneless.raqmix.cloud/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753596385065676 341500 (- - -) Stopwatch2: 1753596385065676 341500; combined=7710, p1=800, p2=6657, p3=0, p4=0, p5=252, sr=159, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6b57867b-Z-- --1ceaa006-A-- [27/Jul/2025:09:06:34.197880 +0300] aIXB6leG06QUq9l42naMrQAAABg 206.189.225.181 36174 127.0.0.1 7081 --1ceaa006-B-- GET /.env HTTP/1.0 Host: boneless.raqmix.cloud X-Real-IP: 206.189.225.181 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --1ceaa006-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close X-Accel-Version: 0.01 X-Accel-Redirect: /internal-nginx-static-location/.env Content-Length: 0 --1ceaa006-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "boneless.raqmix.cloud"] [uri "/.env"] [unique_id "aIXB6leG06QUq9l42naMrQAAABg"] Stopwatch: 1753596394193870 4081 (- - -) Stopwatch2: 1753596394193870 4081; combined=2552, p1=584, p2=1826, p3=30, p4=57, p5=54, sr=128, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1ceaa006-Z-- --6db7b940-A-- [27/Jul/2025:09:06:34.606676 +0300] aIXB6leG06QUq9l42naMrwAAABY 206.189.225.181 36190 127.0.0.1 7081 --6db7b940-B-- GET /.git/config HTTP/1.0 Host: boneless.raqmix.cloud X-Real-IP: 206.189.225.181 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --6db7b940-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close X-Accel-Version: 0.01 Last-Modified: Mon, 28 Aug 2023 14:39:52 GMT ETag: "177-603fcaac5de00" Accept-Ranges: bytes Content-Length: 375 --6db7b940-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "boneless.raqmix.cloud"] [uri "/.git/config"] [unique_id "aIXB6leG06QUq9l42naMrwAAABY"] Stopwatch: 1753596394602789 4006 (- - -) Stopwatch2: 1753596394602789 4006; combined=2232, p1=506, p2=1591, p3=31, p4=36, p5=68, sr=141, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6db7b940-Z-- --a067f06b-A-- [27/Jul/2025:09:32:44.899878 +0300] aIXICoPNf5P2DoUqNUzu-QAAAJM 138.68.144.227 48116 127.0.0.1 7081 --a067f06b-B-- GET /.env HTTP/1.0 Host: glamilea.com X-Real-IP: 138.68.144.227 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --a067f06b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 X-LiteSpeed-Tag: cb5_HTTP.404 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" Set-Cookie: yay_currency_widget=29035; expires=Tue, 26-Aug-2025 06:32:43 GMT; Max-Age=2592000; path=/ Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --a067f06b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glamilea.com"] [uri "/.env"] [unique_id "aIXICoPNf5P2DoUqNUzu-QAAAJM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753597962568285 2331755 (- - -) Stopwatch2: 1753597962568285 2331755; combined=2672, p1=613, p2=1827, p3=0, p4=0, p5=231, sr=163, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a067f06b-Z-- --1f7d265f-A-- [27/Jul/2025:09:32:47.440972 +0300] aIXIDVeG06QUq9l42nayPQAAABI 138.68.144.227 41656 127.0.0.1 7081 --1f7d265f-B-- GET /.git/config HTTP/1.0 Host: glamilea.com X-Real-IP: 138.68.144.227 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --1f7d265f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 X-LiteSpeed-Tag: cb5_HTTP.404 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" Set-Cookie: yay_currency_widget=29035; expires=Tue, 26-Aug-2025 06:32:46 GMT; Max-Age=2592000; path=/ Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --1f7d265f-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glamilea.com"] [uri "/.git/config"] [unique_id "aIXIDVeG06QUq9l42nayPQAAABI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753597965138370 2302687 (- - -) Stopwatch2: 1753597965138370 2302687; combined=2705, p1=664, p2=1918, p3=0, p4=0, p5=122, sr=165, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1f7d265f-Z-- --20ea7474-A-- [27/Jul/2025:10:01:49.726785 +0300] aIXO3VeG06QUq9l42nbaKgAAAAw 196.251.70.223 40214 127.0.0.1 7081 --20ea7474-B-- GET /.env HTTP/1.0 Host: www.sys.ellaith.com X-Real-IP: 196.251.70.223 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; HTC U11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --20ea7474-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=1a0a40cf4f21470fe7e7985d96ce673b; expires=Sun, 27 Jul 2025 08:02:49 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --20ea7474-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sys.ellaith.com"] [uri "/.env"] [unique_id "aIXO3VeG06QUq9l42nbaKgAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sys.ellaith.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753599709662273 64617 (- - -) Stopwatch2: 1753599709662273 64617; combined=4527, p1=626, p2=3749, p3=0, p4=0, p5=151, sr=171, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --20ea7474-Z-- --c9de513d-A-- [27/Jul/2025:10:18:34.025092 +0300] aIXSyleG06QUq9l42nbyNgAAABQ 196.251.70.223 45936 127.0.0.1 7081 --c9de513d-B-- GET /.env HTTP/1.0 Host: raqmix.cloud X-Real-IP: 196.251.70.223 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.17) Gecko/20110123 SeaMonkey/2.0.12 Accept-Charset: utf-8 Accept-Encoding: gzip --c9de513d-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 15:42:45 GMT ETag: "328-62a6a8c186eb7" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --c9de513d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raqmix.cloud"] [uri "/.env"] [unique_id "aIXSyleG06QUq9l42nbyNgAAABQ"] Stopwatch: 1753600714020593 4637 (- - -) Stopwatch2: 1753600714020593 4637; combined=2583, p1=610, p2=1895, p3=0, p4=0, p5=77, sr=140, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c9de513d-Z-- --21ff9e11-A-- [27/Jul/2025:10:18:43.570715 +0300] aIXS01eG06QUq9l42nbyUgAAABc 185.177.72.104 59146 127.0.0.1 7081 --21ff9e11-B-- GET /.env HTTP/1.0 Host: courier.raqmix.cloud X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --21ff9e11-F-- HTTP/1.1 403 Forbidden Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 15:42:45 GMT ETag: "31b-62a6a8c18bcd7" Accept-Ranges: bytes Content-Length: 795 Content-Type: text/html --21ff9e11-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "courier.raqmix.cloud"] [uri "/.env"] [unique_id "aIXS01eG06QUq9l42nbyUgAAABc"] Apache-Error: [file "mod_access_compat.c"] [line 350] [level 3] AH01797: client denied by server configuration: /var/www/vhosts/raqmix.cloud/courier.raqmix.cloud/.env Stopwatch: 1753600723557987 12823 (- - -) Stopwatch2: 1753600723557987 12823; combined=11741, p1=11638, p2=0, p3=0, p4=0, p5=103, sr=172, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --21ff9e11-Z-- --28c0c76f-A-- [27/Jul/2025:10:18:49.109929 +0300] aIXS2IPNf5P2DoUqNUwNAgAAAIA 185.177.72.104 59316 127.0.0.1 7081 --28c0c76f-B-- GET /backend/.env HTTP/1.0 Host: courier.raqmix.cloud X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --28c0c76f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1016 Content-Type: text/html; charset=UTF-8 --28c0c76f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "courier.raqmix.cloud"] [uri "/backend/.env"] [unique_id "aIXS2IPNf5P2DoUqNUwNAgAAAIA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/courier.raqmix.cloud/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753600728725801 384223 (- - -) Stopwatch2: 1753600728725801 384223; combined=111619, p1=724, p2=2164, p3=0, p4=0, p5=54408, sr=176, sw=1, l=0, gc=54322 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --28c0c76f-Z-- --e87a837a-A-- [27/Jul/2025:10:18:49.504266 +0300] aIXS2VeG06QUq9l42nbyZAAAAAA 185.177.72.104 59336 127.0.0.1 7081 --e87a837a-B-- GET /api/.env HTTP/1.0 Host: courier.raqmix.cloud X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --e87a837a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private Access-Control-Allow-Origin: * Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1016 Content-Type: text/html; charset=UTF-8 --e87a837a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "courier.raqmix.cloud"] [uri "/api/.env"] [unique_id "aIXS2VeG06QUq9l42nbyZAAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/courier.raqmix.cloud/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753600729194930 309452 (- - -) Stopwatch2: 1753600729194930 309452; combined=3895, p1=842, p2=2840, p3=0, p4=0, p5=212, sr=149, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e87a837a-Z-- --3a3b0933-A-- [27/Jul/2025:10:18:49.905424 +0300] aIXS2VeG06QUq9l42nbyZQAAABA 185.177.72.104 59342 127.0.0.1 7081 --3a3b0933-B-- GET /env.backup HTTP/1.0 Host: courier.raqmix.cloud X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --3a3b0933-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1016 Content-Type: text/html; charset=UTF-8 --3a3b0933-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||courier.raqmix.cloud|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||courier.raqmix.cloud|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "courier.raqmix.cloud"] [uri "/env.backup"] [unique_id "aIXS2VeG06QUq9l42nbyZQAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/courier.raqmix.cloud/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753600729603920 301600 (- - -) Stopwatch2: 1753600729603920 301600; combined=3117, p1=562, p2=2414, p3=0, p4=0, p5=140, sr=176, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3a3b0933-Z-- --13cea224-A-- [27/Jul/2025:10:18:50.632680 +0300] aIXS2oPNf5P2DoUqNUwNBQAAAJQ 185.177.72.104 59368 127.0.0.1 7081 --13cea224-B-- GET /main/.env HTTP/1.0 Host: courier.raqmix.cloud X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --13cea224-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1016 Content-Type: text/html; charset=UTF-8 --13cea224-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "courier.raqmix.cloud"] [uri "/main/.env"] [unique_id "aIXS2oPNf5P2DoUqNUwNBQAAAJQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/courier.raqmix.cloud/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753600730337448 295358 (- - -) Stopwatch2: 1753600730337448 295358; combined=3610, p1=1602, p2=1896, p3=0, p4=0, p5=112, sr=181, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --13cea224-Z-- --aadbb70c-A-- [27/Jul/2025:10:32:40.847301 +0300] aIXWGFeG06QUq9l42nYIRAAAABQ 164.90.228.79 46018 127.0.0.1 7081 --aadbb70c-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D""+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: rorobeauty.raqmix.cloud X-Real-IP: 164.90.228.79 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 164 User-Agent: Go-http-client/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip --aadbb70c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --aadbb70c-H-- Message: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||rorobeauty.raqmix.cloud|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions="" \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||rorobeauty.raqmix.cloud|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd cgi.force_redirect=0 \\\\x5cxadd disable_functions=\\\\x22\\\\x22 \\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions=\\\\x22\\\\x22 \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "rorobeauty.raqmix.cloud"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aIXWGFeG06QUq9l42nYIRAAAABQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rorobeauty.raqmix.cloud/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753601560591080 256372 (- - -) Stopwatch2: 1753601560591080 256372; combined=16682, p1=716, p2=15731, p3=0, p4=0, p5=235, sr=299, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aadbb70c-Z-- --4f32247f-A-- [27/Jul/2025:10:32:55.471181 +0300] aIXWJ1eG06QUq9l42nYI1gAAAA8 164.90.228.79 52336 127.0.0.1 7081 --4f32247f-B-- GET /.env HTTP/1.0 Host: rorobeauty.raqmix.cloud X-Real-IP: 164.90.228.79 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --4f32247f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --4f32247f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rorobeauty.raqmix.cloud"] [uri "/.env"] [unique_id "aIXWJ1eG06QUq9l42nYI1gAAAA8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rorobeauty.raqmix.cloud/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753601575172385 298889 (- - -) Stopwatch2: 1753601575172385 298889; combined=14651, p1=11482, p2=3061, p3=0, p4=0, p5=108, sr=172, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4f32247f-Z-- --d269de42-A-- [27/Jul/2025:10:32:55.908828 +0300] aIXWJ1eG06QUq9l42nYI3QAAAAg 164.90.228.79 52406 127.0.0.1 7081 --d269de42-B-- GET /.git/config HTTP/1.0 Host: rorobeauty.raqmix.cloud X-Real-IP: 164.90.228.79 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --d269de42-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --d269de42-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rorobeauty.raqmix.cloud"] [uri "/.git/config"] [unique_id "aIXWJ1eG06QUq9l42nYI3QAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rorobeauty.raqmix.cloud/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753601575653966 255015 (- - -) Stopwatch2: 1753601575653966 255015; combined=2801, p1=568, p2=2057, p3=0, p4=0, p5=175, sr=161, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d269de42-Z-- --2b69545f-A-- [27/Jul/2025:10:47:10.465439 +0300] aIXZfleG06QUq9l42nYc4wAAAAU 108.179.211.98 53678 127.0.0.1 7081 --2b69545f-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 108.179.211.98 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-mode: navigate sec-fetch-site: same-origin accept-language: en-US,en;q=0.5 referer: http://riyadhchocolate.com/wp-login.php accept-encoding: gzip, deflate, br sec-fetch-user: ?1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 upgrade-insecure-requests: 1 sec-fetch-dest: document cookie: wordpress_test_cookie=WP%20Cookie%20check --2b69545f-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --2b69545f-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riyadhchocolate.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIXZfleG06QUq9l42nYc4wAAAAU"] Stopwatch: 1753602430458848 6733 (- - -) Stopwatch2: 1753602430458848 6733; combined=4216, p1=1324, p2=2716, p3=0, p4=0, p5=175, sr=178, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2b69545f-Z-- --7ae3c213-A-- [27/Jul/2025:10:48:44.009274 +0300] aIXZ21eG06QUq9l42nYfcAAAAAs 185.177.72.38 41430 127.0.0.1 7081 --7ae3c213-B-- GET /.git/config HTTP/1.0 Host: hamomohsen.net X-Real-IP: 185.177.72.38 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --7ae3c213-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --7ae3c213-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamomohsen.net"] [uri "/.git/config"] [unique_id "aIXZ21eG06QUq9l42nYfcAAAAAs"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753602523775378 234023 (- - -) Stopwatch2: 1753602523775378 234023; combined=3434, p1=870, p2=2397, p3=0, p4=0, p5=166, sr=300, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7ae3c213-Z-- --a00a5f60-A-- [27/Jul/2025:10:48:44.817428 +0300] aIXZ3FeG06QUq9l42nYffAAAAAA 185.177.72.38 41518 127.0.0.1 7081 --a00a5f60-B-- GET /.env HTTP/1.0 Host: hamomohsen.net X-Real-IP: 185.177.72.38 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --a00a5f60-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --a00a5f60-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamomohsen.net"] [uri "/.env"] [unique_id "aIXZ3FeG06QUq9l42nYffAAAAAA"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753602524562959 254562 (- - -) Stopwatch2: 1753602524562959 254562; combined=2929, p1=697, p2=2098, p3=0, p4=0, p5=133, sr=177, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a00a5f60-Z-- --434f1c3e-A-- [27/Jul/2025:10:48:45.139584 +0300] aIXZ3FeG06QUq9l42nYffwAAABA 185.177.72.38 41544 127.0.0.1 7081 --434f1c3e-B-- GET /api/.env HTTP/1.0 Host: hamomohsen.net X-Real-IP: 185.177.72.38 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --434f1c3e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Access-Control-Allow-Origin: * Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --434f1c3e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamomohsen.net"] [uri "/api/.env"] [unique_id "aIXZ3FeG06QUq9l42nYffwAAABA"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753602524881984 257735 (- - -) Stopwatch2: 1753602524881984 257735; combined=2568, p1=516, p2=1920, p3=0, p4=0, p5=131, sr=133, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --434f1c3e-Z-- --53a2067a-A-- [27/Jul/2025:10:48:45.454118 +0300] aIXZ3VeG06QUq9l42nYfhAAAAA0 185.177.72.38 41578 127.0.0.1 7081 --53a2067a-B-- GET /config/.env HTTP/1.0 Host: hamomohsen.net X-Real-IP: 185.177.72.38 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --53a2067a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --53a2067a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamomohsen.net"] [uri "/config/.env"] [unique_id "aIXZ3VeG06QUq9l42nYfhAAAAA0"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753602525204535 249675 (- - -) Stopwatch2: 1753602525204535 249675; combined=2486, p1=594, p2=1776, p3=0, p4=0, p5=115, sr=175, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --53a2067a-Z-- --9ead7028-A-- [27/Jul/2025:10:53:48.110620 +0300] aIXbDFeG06QUq9l42nYnVAAAAAM 193.201.189.116 34202 127.0.0.1 7081 --9ead7028-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 193.201.189.116 X-Accel-Internal: /internal-nginx-static-location Connection: close accept-language: en-US,en;q=0.5 referer: http://riyadhchocolate.com/wp-login.php accept-encoding: gzip, deflate, br upgrade-insecure-requests: 1 sec-fetch-dest: document user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 sec-fetch-mode: navigate sec-fetch-site: same-origin sec-fetch-user: ?1 cookie: wordpress_test_cookie=WP%20Cookie%20check --9ead7028-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --9ead7028-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riyadhchocolate.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIXbDFeG06QUq9l42nYnVAAAAAM"] Stopwatch: 1753602828106400 4364 (- - -) Stopwatch2: 1753602828106400 4364; combined=2770, p1=436, p2=2253, p3=0, p4=0, p5=80, sr=145, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9ead7028-Z-- --57a23169-A-- [27/Jul/2025:10:54:58.737917 +0300] aIXbUoPNf5P2DoUqNUwmNQAAAI0 185.177.72.38 51204 127.0.0.1 7081 --57a23169-B-- GET /.git/config HTTP/1.0 Host: demonanomie.com X-Real-IP: 185.177.72.38 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --57a23169-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 09 Jun 2025 14:06:48 GMT ETag: "328-637241743cede" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --57a23169-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "demonanomie.com"] [uri "/.git/config"] [unique_id "aIXbUoPNf5P2DoUqNUwmNQAAAI0"] Stopwatch: 1753602898733100 4986 (- - -) Stopwatch2: 1753602898733100 4986; combined=2752, p1=607, p2=2061, p3=0, p4=0, p5=84, sr=181, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --57a23169-Z-- --c4bd7706-A-- [27/Jul/2025:10:54:59.103655 +0300] aIXbU1eG06QUq9l42nYpVgAAAAc 185.177.72.38 51240 127.0.0.1 7081 --c4bd7706-B-- GET /.env HTTP/1.0 Host: demonanomie.com X-Real-IP: 185.177.72.38 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --c4bd7706-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 09 Jun 2025 14:06:48 GMT ETag: "328-637241743cede" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --c4bd7706-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "demonanomie.com"] [uri "/.env"] [unique_id "aIXbU1eG06QUq9l42nYpVgAAAAc"] Stopwatch: 1753602899098250 5546 (- - -) Stopwatch2: 1753602899098250 5546; combined=3123, p1=665, p2=2368, p3=0, p4=0, p5=89, sr=185, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c4bd7706-Z-- --3d40ea18-A-- [27/Jul/2025:10:54:59.166650 +0300] aIXbU1eG06QUq9l42nYpWAAAAAQ 185.177.72.38 51264 127.0.0.1 7081 --3d40ea18-B-- GET /api/.env HTTP/1.0 Host: demonanomie.com X-Real-IP: 185.177.72.38 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --3d40ea18-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 09 Jun 2025 14:06:48 GMT ETag: "328-637241743cede" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --3d40ea18-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "demonanomie.com"] [uri "/api/.env"] [unique_id "aIXbU1eG06QUq9l42nYpWAAAAAQ"] Stopwatch: 1753602899161981 4777 (- - -) Stopwatch2: 1753602899161981 4777; combined=3205, p1=498, p2=2635, p3=0, p4=0, p5=72, sr=150, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3d40ea18-Z-- --8676475d-A-- [27/Jul/2025:10:54:59.232642 +0300] aIXbU1eG06QUq9l42nYpWQAAAAg 185.177.72.38 51278 127.0.0.1 7081 --8676475d-B-- GET /config/.env HTTP/1.0 Host: demonanomie.com X-Real-IP: 185.177.72.38 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --8676475d-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 09 Jun 2025 14:06:48 GMT ETag: "328-637241743cede" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --8676475d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "demonanomie.com"] [uri "/config/.env"] [unique_id "aIXbU1eG06QUq9l42nYpWQAAAAg"] Stopwatch: 1753602899227183 5549 (- - -) Stopwatch2: 1753602899227183 5549; combined=3431, p1=550, p2=2801, p3=0, p4=0, p5=80, sr=162, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8676475d-Z-- --2b0b161e-A-- [27/Jul/2025:11:03:02.037476 +0300] aIXdNoPNf5P2DoUqNUwvnAAAAIU 85.242.140.162 51466 127.0.0.1 7081 --2b0b161e-B-- GET /.env?raw HTTP/1.0 Host: jinansystem.com X-Real-IP: 85.242.140.162 X-Accel-Internal: /internal-nginx-static-location Connection: close accept-encoding: gzip user-agent: Go-http-client/2.0 --2b0b161e-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --2b0b161e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jinansystem.com"] [uri "/.env"] [unique_id "aIXdNoPNf5P2DoUqNUwvnAAAAIU"] Stopwatch: 1753603382031713 5878 (- - -) Stopwatch2: 1753603382031713 5878; combined=3463, p1=759, p2=2592, p3=0, p4=0, p5=112, sr=197, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2b0b161e-Z-- --45091007-A-- [27/Jul/2025:11:04:42.212125 +0300] aIXdmoPNf5P2DoUqNUwyvgAAAIc 40.113.89.18 55126 127.0.0.1 7081 --45091007-B-- GET /wp-content/debug.log HTTP/1.0 Host: verozone.md X-Real-IP: 40.113.89.18 X-Accel-Internal: /internal-nginx-static-location Connection: close --45091007-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 --45091007-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||verozone.md|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||verozone.md|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "verozone.md"] [uri "/wp-content/debug.log"] [unique_id "aIXdmoPNf5P2DoUqNUwyvgAAAIc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/verozone.md/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753603482180325 31917 (- - -) Stopwatch2: 1753603482180325 31917; combined=20652, p1=530, p2=20006, p3=0, p4=0, p5=116, sr=182, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --45091007-Z-- --5fd00a74-A-- [27/Jul/2025:11:04:47.914189 +0300] aIXdn4PNf5P2DoUqNUwzFwAAAI8 40.113.89.18 51950 127.0.0.1 7081 --5fd00a74-B-- GET /.git/HEAD HTTP/1.0 Host: verozone.md X-Real-IP: 40.113.89.18 X-Accel-Internal: /internal-nginx-static-location Connection: close --5fd00a74-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 --5fd00a74-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "verozone.md"] [uri "/.git/HEAD"] [unique_id "aIXdn4PNf5P2DoUqNUwzFwAAAI8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/verozone.md/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753603487897153 17091 (- - -) Stopwatch2: 1753603487897153 17091; combined=2687, p1=671, p2=1904, p3=0, p4=0, p5=111, sr=230, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5fd00a74-Z-- --1c9d094b-A-- [27/Jul/2025:11:15:14.197145 +0300] aIXgEoPNf5P2DoUqNUxEnAAAAIg 78.40.176.204 51592 127.0.0.1 7081 --1c9d094b-B-- GET /administration/index.php?code=4/0AVMBsJhJW6sCECctrX0fxvpIXRnqUfGrj3v-SNprsDCN-sWX5-J_IJbA0KT7zP0riqbEAg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?1 sec-ch-ua-platform: "Android" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,tr;q=0.7 priority: u=0, i --1c9d094b-F-- HTTP/1.1 302 Moved Temporarily Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=qptbfpj9bagpvsvggv1n63lq31; path=/ Upgrade: h2,h2c Connection: Upgrade, close Location: https://www.jinansystem.com/login.php Content-Length: 0 Content-Type: text/html; charset=UTF-8 --1c9d094b-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIXgEoPNf5P2DoUqNUxEnAAAAIg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753604114189875 7422 (- - -) Stopwatch2: 1753604114189875 7422; combined=4122, p1=597, p2=3304, p3=73, p4=36, p5=112, sr=208, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1c9d094b-Z-- --d73c8830-A-- [27/Jul/2025:11:15:16.558037 +0300] aIXgFFeG06QUq9l42nY9fgAAAAg 65.49.20.68 51678 127.0.0.1 7081 --d73c8830-B-- GET /.git/config HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 65.49.20.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip --d73c8830-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --d73c8830-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/.git/config"] [unique_id "aIXgFFeG06QUq9l42nY9fgAAAAg"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753604116556581 1550 (- - -) Stopwatch2: 1753604116556581 1550; combined=882, p1=720, p2=0, p3=39, p4=35, p5=88, sr=178, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d73c8830-Z-- --3d82f473-A-- [27/Jul/2025:11:15:26.678222 +0300] aIXgHleG06QUq9l42nY9mQAAABE 78.40.176.204 47064 127.0.0.1 7081 --3d82f473-B-- GET /administration/index.php?code=4/0AVMBsJgHVkVQomMWgr4Svc6T0O3D56gKN9epd22plLezcIBmjp-ifgJDTQ9TzCch_DOkFw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?1 sec-ch-ua-platform: "Android" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,tr;q=0.7 priority: u=0, i cookie: PHPSESSID=qptbfpj9bagpvsvggv1n63lq31 --3d82f473-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --3d82f473-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIXgHleG06QUq9l42nY9mQAAABE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753604126230079 448384 (- - -) Stopwatch2: 1753604126230079 448384; combined=6141, p1=778, p2=5002, p3=135, p4=93, p5=132, sr=276, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3d82f473-Z-- --cd689e6f-A-- [27/Jul/2025:11:19:16.058089 +0300] aIXhA1eG06QUq9l42nZArgAAAAY 159.89.12.166 42690 127.0.0.1 7081 --cd689e6f-B-- GET /.env HTTP/1.0 Host: test.own-dev.com X-Real-IP: 159.89.12.166 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --cd689e6f-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --cd689e6f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.env"] [unique_id "aIXhA1eG06QUq9l42nZArgAAAAY"] Stopwatch: 1753604355774014 284189 (- - -) Stopwatch2: 1753604355774014 284189; combined=3069, p1=505, p2=2253, p3=77, p4=60, p5=173, sr=141, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cd689e6f-Z-- --cd342a2c-A-- [27/Jul/2025:11:19:16.430554 +0300] aIXhBIPNf5P2DoUqNUxKhgAAAJY 159.89.12.166 42768 127.0.0.1 7081 --cd342a2c-B-- GET /.git/config HTTP/1.0 Host: test.own-dev.com X-Real-IP: 159.89.12.166 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --cd342a2c-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close X-Accel-Version: 0.01 Last-Modified: Thu, 29 May 2025 12:08:16 GMT ETag: "157-63645270bec00" Accept-Ranges: bytes Content-Length: 343 --cd342a2c-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.git/config"] [unique_id "aIXhBIPNf5P2DoUqNUxKhgAAAJY"] Stopwatch: 1753604356426717 3957 (- - -) Stopwatch2: 1753604356426717 3957; combined=2382, p1=532, p2=1728, p3=26, p4=28, p5=68, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cd342a2c-Z-- --5f42454d-A-- [27/Jul/2025:11:20:22.633103 +0300] aIXhRoPNf5P2DoUqNUxL9wAAAIc 165.22.54.104 33008 127.0.0.1 7081 --5f42454d-B-- GET /.env HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 165.22.54.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --5f42454d-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f42454d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/.env"] [unique_id "aIXhRoPNf5P2DoUqNUxL9wAAAIc"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753604422631721 1452 (- - -) Stopwatch2: 1753604422631721 1452; combined=995, p1=854, p2=0, p3=29, p4=35, p5=77, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5f42454d-Z-- --cf15894b-A-- [27/Jul/2025:11:20:24.444125 +0300] aIXhSIPNf5P2DoUqNUxMCQAAAIQ 165.22.54.104 58708 127.0.0.1 7081 --cf15894b-B-- GET /.git/config HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 165.22.54.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --cf15894b-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --cf15894b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/.git/config"] [unique_id "aIXhSIPNf5P2DoUqNUxMCQAAAIQ"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753604424442485 1713 (- - -) Stopwatch2: 1753604424442485 1713; combined=648, p1=514, p2=0, p3=31, p4=32, p5=71, sr=142, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cf15894b-Z-- --831e3770-A-- [27/Jul/2025:11:39:07.993229 +0300] aIXlq4PNf5P2DoUqNUxpmAAAAII 80.124.54.14 38798 127.0.0.1 7081 --831e3770-B-- GET /wp-config.php HTTP/1.0 Host: casa-eg.com X-Real-IP: 80.124.54.14 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate Accept: */* User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 --831e3770-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.0.30 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --831e3770-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "casa-eg.com"] [uri "/wp-config.php"] [unique_id "aIXlq4PNf5P2DoUqNUxpmAAAAII"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'Primary script unknown' Apache-Handler: proxy:unix:/var/www/vhosts/system/casa-eg.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753605547988477 4829 (- - -) Stopwatch2: 1753605547988477 4829; combined=2578, p1=533, p2=1842, p3=106, p4=28, p5=69, sr=149, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --831e3770-Z-- --e769b602-A-- [27/Jul/2025:11:56:39.307441 +0300] aIXpx4PNf5P2DoUqNUyEOwAAAIU 108.179.211.98 43396 127.0.0.1 7081 --e769b602-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 108.179.211.98 X-Accel-Internal: /internal-nginx-static-location Connection: close upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-site: same-origin user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 accept-language: en-US,en;q=0.5 referer: http://riyadhchocolate.com/wp-login.php accept-encoding: gzip, deflate, br sec-fetch-mode: navigate sec-fetch-user: ?1 cookie: wordpress_test_cookie=WP%20Cookie%20check --e769b602-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --e769b602-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riyadhchocolate.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIXpx4PNf5P2DoUqNUyEOwAAAIU"] Stopwatch: 1753606599299997 7576 (- - -) Stopwatch2: 1753606599299997 7576; combined=4808, p1=1002, p2=3719, p3=0, p4=0, p5=87, sr=557, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e769b602-Z-- --28b3f01c-A-- [27/Jul/2025:12:15:51.603901 +0300] aIXuR1eG06QUq9l42nZpbgAAABc 78.40.176.204 33466 127.0.0.1 7081 --28b3f01c-B-- GET /administration/index.php?code=4/0AVMBsJhV9NPcRO8KpwARv0a_V9GEIa_FwvR6yL5tBD9KfyaULR1H7O890ccZinmw8GI15Q&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?1 sec-ch-ua-platform: "Android" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,tr;q=0.7 priority: u=0, i cookie: PHPSESSID=klibknau0lu4egnja9skomtqd2 --28b3f01c-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --28b3f01c-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIXuR1eG06QUq9l42nZpbgAAABc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753607751157440 446710 (- - -) Stopwatch2: 1753607751157440 446710; combined=6389, p1=2439, p2=3612, p3=156, p4=61, p5=121, sr=323, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --28b3f01c-Z-- --79b87a45-A-- [27/Jul/2025:12:21:02.010428 +0300] aIXvfleG06QUq9l42nZtLAAAAA4 158.51.121.183 34516 127.0.0.1 7081 --79b87a45-B-- GET /app_dev.php/_profiler/open?file=app/config/config.yml HTTP/1.0 Host: jinansystem.com X-Real-IP: 158.51.121.183 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0 Accept: */* Accept-Encoding: gzip --79b87a45-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --79b87a45-H-- Message: Warning. Matched phrase "/config/config.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Matched phrase "config.yml" at ARGS:file. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: config.yml found within ARGS:file: app/config/config.yml"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jinansystem.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aIXvfleG06QUq9l42nZtLAAAAA4"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "config.yml" at ARGS:file. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: config.yml found within ARGS:file: app/config/config.yml"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aIXvfleG06QUq9l42nZtLAAAAA4"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'Primary script unknown\\n' Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753608062001861 8641 (- - -) Stopwatch2: 1753608062001861 8641; combined=4839, p1=698, p2=3867, p3=69, p4=37, p5=167, sr=178, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --79b87a45-Z-- --f76dec0a-A-- [27/Jul/2025:12:21:09.791622 +0300] aIXvg4PNf5P2DoUqNUynWgAAAIs 69.171.251.10 56970 127.0.0.1 7081 --f76dec0a-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: opalparis.store X-Real-IP: 69.171.251.10 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 775 sec-ch-ua-platform: "Linux" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36 sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" content-type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 accept: */* origin: https://opalparis.store sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://opalparis.store/?fbclid=IwZXh0bgNhZW0CMTEAAR7rTmk3VJfE2-xFYVMx_jMHrySL1UEhI92_CkrFAzkOUejMxkzToJWQ8Tehjw_aem_aPI3g7JvzD-CD4FXhQ44Vg accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 x-fb-connecttimeout: 16000 priority: u=1, i cookie: sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2025-07-27%2009%3A21%3A06%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%3Ffbclid%3DIwZXh0bgNhZW0CMTEAAR7rTmk3VJfE2-xFYVMx_jMHrySL1UEhI92_CkrFAzkOUejMxkzToJWQ8Tehjw_aem_aPI3g7JvzD-CD4FXhQ44Vg%7C%7C%7Crf%3Dhttps%3A%2F%2Fwww.facebook.com%2F; sbjs_first_add=fd%3D2025-07-27%2009%3A21%3A06%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%3Ffbclid%3DIwZXh0bgNhZW0CMTEAAR7rTmk3VJfE2-xFYVMx_jMHrySL1UEhI92_CkrFAzkOUejMxkzToJWQ8Tehjw_aem_aPI3g7JvzD-CD4FXhQ44Vg%7C%7C%7Crf%3Dhttps%3A%2F%2Fwww.facebook.com%2F; sbjs_current=typ%3Dreferral%7C%7C%7Csrc%3Dfacebook.com%7C%7C%7Cmdm%3Dreferral%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%2F%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_first=typ%3Dreferral%7C%7C%7Csrc%3Dfacebook.com%7C%7C%7Cmdm%3Dreferral%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%2F%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F137.0.0.0%20Safari%2F537.36; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fopalparis.store%2F%3Ffbclid%3DIwZXh0bgNhZW0CMTEAAR7rTmk3VJfE2-xFYVMx_jMHrySL1UEhI92_CkrFAzkOUejMxkzToJWQ8Tehjw_aem_aPI3g7JvzD-CD4FXhQ44Vg; tk_or=%22https%3A%2F%2Fwww.facebook.com%2F%22; tk_r3d=%22https%3A%2F%2Fwww.facebook.com%2F%22; tk_lr=%22https%3A%2F%2Fwww.facebook.com%2F%22; _fbc=fb.1.1753608067443.IwZXh0bgNhZW0CMTEAAR7rTmk3VJfE2-xFYVMx_jMHrySL1UEhI92_CkrFAzkOUejMxkzToJWQ8Tehjw_aem_aPI3g7JvzD-CD4FXhQ44Vg; _fbp=fb.1.1753608067466.539251329508437843 --f76dec0a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://opalparis.store Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: PHPSESSID=regmq5032igonv0ck6a4idm3sr; expires=Sat, 25 Oct 2025 09:21:09 GMT; Max-Age=7776000; path=/; domain=opalparis.store; HttpOnly; SameSite=lax Upgrade: h2,h2c Connection: Upgrade, close Content-Length: 0 Content-Type: text/html; charset=UTF-8 --f76dec0a-E-- --f76dec0a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "opalparis.store"] [uri "/"] [unique_id "aIXvg4PNf5P2DoUqNUynWgAAAIs"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "opalparis.store"] [uri "/index.php"] [unique_id "aIXvg4PNf5P2DoUqNUynWgAAAIs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/opalparis.store/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753608067581255 2210664 (- - -) Stopwatch2: 1753608067581255 2210664; combined=13905, p1=1471, p2=11928, p3=282, p4=51, p5=172, sr=161, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f76dec0a-Z-- --b6931e17-A-- [27/Jul/2025:12:24:27.177313 +0300] aIXwSYPNf5P2DoUqNUys0QAAAIE 173.252.127.39 60266 127.0.0.1 7081 --b6931e17-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: opalparis.store X-Real-IP: 173.252.127.39 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 775 sec-ch-ua-platform: "Linux" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0 sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" content-type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 accept: */* origin: https://opalparis.store sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://opalparis.store/?fbclid=IwZXh0bgNhZW0CMTEAAR4lmj3mYOeGZqVtjyUKhcF2ESwOuVCmzRKxOCIbs2W6IAMEq-pdcgk5_45VBA_aem_7jg46uuN-wURzoTJaPvY4g accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 x-fb-connecttimeout: 16000 priority: u=1, i cookie: sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2025-07-27%2009%3A24%3A23%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%3Ffbclid%3DIwZXh0bgNhZW0CMTEAAR4lmj3mYOeGZqVtjyUKhcF2ESwOuVCmzRKxOCIbs2W6IAMEq-pdcgk5_45VBA_aem_7jg46uuN-wURzoTJaPvY4g%7C%7C%7Crf%3Dhttps%3A%2F%2Fwww.facebook.com%2F; sbjs_first_add=fd%3D2025-07-27%2009%3A24%3A23%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%3Ffbclid%3DIwZXh0bgNhZW0CMTEAAR4lmj3mYOeGZqVtjyUKhcF2ESwOuVCmzRKxOCIbs2W6IAMEq-pdcgk5_45VBA_aem_7jg46uuN-wURzoTJaPvY4g%7C%7C%7Crf%3Dhttps%3A%2F%2Fwww.facebook.com%2F; sbjs_current=typ%3Dreferral%7C%7C%7Csrc%3Dfacebook.com%7C%7C%7Cmdm%3Dreferral%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%2F%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_first=typ%3Dreferral%7C%7C%7Csrc%3Dfacebook.com%7C%7C%7Cmdm%3Dreferral%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%2F%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A84.0%29%20Gecko%2F20100101%20Firefox%2F84.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fopalparis.store%2F%3Ffbclid%3DIwZXh0bgNhZW0CMTEAAR4lmj3mYOeGZqVtjyUKhcF2ESwOuVCmzRKxOCIbs2W6IAMEq-pdcgk5_45VBA_aem_7jg46uuN-wURzoTJaPvY4g; tk_or=%22https%3A%2F%2Fwww.facebook.com%2F%22; tk_r3d=%22https%3A%2F%2Fwww.facebook.com%2F%22; tk_lr=%22https%3A%2F%2Fwww.facebook.com%2F%22; _fbc=fb.1.1753608265007.IwZXh0bgNhZW0CMTEAAR4lmj3mYOeGZqVtjyUKhcF2ESwOuVCmzRKxOCIbs2W6IAMEq-pdcgk5_45VBA_aem_7jg46uuN-wURzoTJaPvY4g; _fbp=fb.1.1753608265022.823563948985384204 --b6931e17-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://opalparis.store Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: PHPSESSID=tvnao5bje0i390iljpuoq04ecm; expires=Sat, 25 Oct 2025 09:24:26 GMT; Max-Age=7776000; path=/; domain=opalparis.store; HttpOnly; SameSite=lax Upgrade: h2,h2c Connection: Upgrade, close Content-Length: 0 Content-Type: text/html; charset=UTF-8 --b6931e17-E-- --b6931e17-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "opalparis.store"] [uri "/"] [unique_id "aIXwSYPNf5P2DoUqNUys0QAAAIE"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "opalparis.store"] [uri "/index.php"] [unique_id "aIXwSYPNf5P2DoUqNUys0QAAAIE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/opalparis.store/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753608265123748 2053827 (- - -) Stopwatch2: 1753608265123748 2053827; combined=12411, p1=669, p2=11159, p3=349, p4=44, p5=189, sr=130, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b6931e17-Z-- --08008f16-A-- [27/Jul/2025:12:25:19.441107 +0300] aIXwfoPNf5P2DoUqNUyutwAAAJc 90.214.236.66 39098 127.0.0.1 7081 --08008f16-B-- GET /administration/index.php?code=4/0AVMBsJindE_O8Kp9zKBApjwxQTXXrSmRkwpXB67fBDwD_PkxyTJqXxDpPmkg0Y6pMR6TqA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 90.214.236.66 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-encoding: gzip, deflate, br user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.1 Safari/605.1.15 accept-language: en-us referer: https://accounts.google.com/ cookie: PHPSESSID=l56ftredvmkg30u15jv119ben1 --08008f16-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --08008f16-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIXwfoPNf5P2DoUqNUyutwAAAJc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753608318605747 835533 (- - -) Stopwatch2: 1753608318605747 835533; combined=10967, p1=521, p2=10079, p3=137, p4=80, p5=150, sr=148, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --08008f16-Z-- --7d6d4c77-A-- [27/Jul/2025:12:26:35.405356 +0300] aIXwy1eG06QUq9l42nZxcAAAAAI 185.208.156.238 59642 127.0.0.1 7081 --7d6d4c77-B-- GET //wp-json/wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]=%252522%252529%252520union%252520all%252520select%2525201%25252Ctable%25255fname%252520from%252520information%25255fschema%25252etables%25253B%252500 HTTP/1.0 Host: jinansystem.com X-Real-IP: 185.208.156.238 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 content-type: application/x-www-form-urlencoded sec-ch-ua-platform: Linux sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" cache-control: max-age=0 accept-encoding: * accept-language: en-US;q=0.9,en;q=0.9 --7d6d4c77-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --7d6d4c77-H-- Message: Warning. Pattern match "(?i:(?:[\\x22'`](?:;? ?\\b(?:having|select|union)\\b ?[^\\s]| ?! ?[\\x22'`\\w])|\\b(?:c(?:onnection_id|urrent_user)|database)\\b ?\\(|\\bunion\\b[\\w(\\s]*?select\\b|\\buser ?\\(|\\bschema ?\\(|\\bselect.{0,399}?\\w?\\buser ?\\(|\\binto[\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||jinansystem.com|F|2"] [data "Matched Data: \x22) union all select 1,table_name from information_schema.tables; found within MATCHED_VAR: \x22) union all select 1,table_name from information_schema.tables;"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i:(?:[\\\\\\\\x22'`](?:;? ?\\\\\\\\b(?:having|select|union)\\\\\\\\b ?[^\\\\\\\\s]| ?! ?[\\\\\\\\x22'`\\\\\\\\w])|\\\\\\\\b(?:c(?:onnection_id|urrent_user)|database)\\\\\\\\b ?\\\\\\\\(|\\\\\\\\bunion\\\\\\\\b[\\\\\\\\w(\\\\\\\\s]*?select\\\\\\\\b|\\\\\\\\buser ?\\\\\\\\(|\\\\\\\\bschema ?\\\\\\\\(|\\\\\\\\bselect.{0,399}?\\\\\\\\w?\\\\\\\\buser ?\\\\\\\\(|\\\\\\\\binto[\\\\\\\\s+]+(?:dump|o ..." at MATCHED_VAR. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "27"] [id "211650"] [rev "12"] [msg "COMODO WAF: Detects MSSQL code execution and information gathering attempts||jinansystem.com|F|2"] [data "Matched Data: \\\\x22) union all select 1,table_name from information_schema.tables; found within MATCHED_VAR: \\\\x22) union all select 1,table_name from information_schema.tables;"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "jinansystem.com"] [uri "/wp-json/wc/store/products/collection-data"] [unique_id "aIXwy1eG06QUq9l42nZxcAAAAAI"] Stopwatch: 1753608395398315 7235 (- - -) Stopwatch2: 1753608395398315 7235; combined=5218, p1=576, p2=4408, p3=0, p4=0, p5=233, sr=170, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7d6d4c77-Z-- --c0e19937-A-- [27/Jul/2025:12:34:51.996817 +0300] aIXyu1eG06QUq9l42nZ3jwAAAAQ 138.197.177.109 48666 127.0.0.1 7080 --c0e19937-B-- GET /.env HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 138.197.177.109 Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --c0e19937-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0e19937-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/.env"] [unique_id "aIXyu1eG06QUq9l42nZ3jwAAAAQ"] Stopwatch: 1753608891992645 4249 (- - -) Stopwatch2: 1753608891992645 4249; combined=2460, p1=510, p2=1800, p3=23, p4=32, p5=95, sr=148, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c0e19937-Z-- --e40d7a58-A-- [27/Jul/2025:12:34:52.114687 +0300] aIXyvIPNf5P2DoUqNUy9SwAAAJU 138.197.177.109 48682 127.0.0.1 7080 --e40d7a58-B-- GET /.git/config HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 138.197.177.109 Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --e40d7a58-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --e40d7a58-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/.git/config"] [unique_id "aIXyvIPNf5P2DoUqNUy9SwAAAJU"] Stopwatch: 1753608892110473 4380 (- - -) Stopwatch2: 1753608892110473 4380; combined=2505, p1=511, p2=1819, p3=74, p4=34, p5=67, sr=148, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e40d7a58-Z-- --22d3c66e-A-- [27/Jul/2025:12:36:19.743261 +0300] aIXzE4PNf5P2DoUqNUy_VQAAAJU 185.177.72.3 33762 127.0.0.1 7081 --22d3c66e-B-- GET /.env HTTP/1.0 Host: hamomohsen.net X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --22d3c66e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --22d3c66e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamomohsen.net"] [uri "/.env"] [unique_id "aIXzE4PNf5P2DoUqNUy_VQAAAJU"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753608979486769 256624 (- - -) Stopwatch2: 1753608979486769 256624; combined=2631, p1=544, p2=1956, p3=0, p4=0, p5=131, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --22d3c66e-Z-- --79c10d6f-A-- [27/Jul/2025:12:36:31.682154 +0300] aIXzH4PNf5P2DoUqNUy_ywAAAJA 185.177.72.3 59790 127.0.0.1 7081 --79c10d6f-B-- GET /.env.backup HTTP/1.0 Host: hamomohsen.net X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --79c10d6f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --79c10d6f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||hamomohsen.net|F|2"] [data ".env.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamomohsen.net"] [uri "/.env.backup"] [unique_id "aIXzH4PNf5P2DoUqNUy_ywAAAJA"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||hamomohsen.net|F|2"] [data ".env.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hamomohsen.net"] [uri "/.env.backup"] [unique_id "aIXzH4PNf5P2DoUqNUy_ywAAAJA"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753608991424178 258069 (- - -) Stopwatch2: 1753608991424178 258069; combined=5075, p1=765, p2=4100, p3=0, p4=0, p5=209, sr=194, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --79c10d6f-Z-- --fbfee85a-A-- [27/Jul/2025:12:36:32.001237 +0300] aIXzH4PNf5P2DoUqNUy_0AAAAI8 185.177.72.3 59824 127.0.0.1 7081 --fbfee85a-B-- GET /.env.bak HTTP/1.0 Host: hamomohsen.net X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --fbfee85a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --fbfee85a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||hamomohsen.net|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamomohsen.net"] [uri "/.env.bak"] [unique_id "aIXzH4PNf5P2DoUqNUy_0AAAAI8"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||hamomohsen.net|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hamomohsen.net"] [uri "/.env.bak"] [unique_id "aIXzH4PNf5P2DoUqNUy_0AAAAI8"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753608991742590 258736 (- - -) Stopwatch2: 1753608991742590 258736; combined=2847, p1=605, p2=1985, p3=0, p4=0, p5=257, sr=185, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fbfee85a-Z-- --8a410e2e-A-- [27/Jul/2025:12:36:44.002800 +0300] aIXzK4PNf5P2DoUqNUzAPQAAAIE 185.177.72.3 41820 127.0.0.1 7081 --8a410e2e-B-- GET /.env.dev HTTP/1.0 Host: hamomohsen.net X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --8a410e2e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --8a410e2e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamomohsen.net"] [uri "/.env.dev"] [unique_id "aIXzK4PNf5P2DoUqNUzAPQAAAIE"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753609003764234 238660 (- - -) Stopwatch2: 1753609003764234 238660; combined=2801, p1=659, p2=1933, p3=0, p4=0, p5=209, sr=152, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8a410e2e-Z-- --523cff66-A-- [27/Jul/2025:12:36:44.297253 +0300] aIXzLIPNf5P2DoUqNUzAPgAAAJU 185.177.72.3 41828 127.0.0.1 7081 --523cff66-B-- GET /.env.example HTTP/1.0 Host: hamomohsen.net X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --523cff66-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --523cff66-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamomohsen.net"] [uri "/.env.example"] [unique_id "aIXzLIPNf5P2DoUqNUzAPgAAAJU"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753609004063991 233328 (- - -) Stopwatch2: 1753609004063991 233328; combined=2874, p1=766, p2=1995, p3=0, p4=0, p5=112, sr=177, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --523cff66-Z-- --e987040e-A-- [27/Jul/2025:12:36:44.612883 +0300] aIXzLIPNf5P2DoUqNUzAQAAAAJQ 185.177.72.3 41848 127.0.0.1 7081 --e987040e-B-- GET /.env.local HTTP/1.0 Host: hamomohsen.net X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --e987040e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --e987040e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamomohsen.net"] [uri "/.env.local"] [unique_id "aIXzLIPNf5P2DoUqNUzAQAAAAJQ"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753609004361337 251613 (- - -) Stopwatch2: 1753609004361337 251613; combined=2407, p1=541, p2=1660, p3=0, p4=0, p5=205, sr=176, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e987040e-Z-- --ad1fa077-A-- [27/Jul/2025:12:40:38.151490 +0300] aIX0FoPNf5P2DoUqNUzGaQAAAIs 158.51.121.183 57162 127.0.0.1 7081 --ad1fa077-B-- GET /app_dev.php/_profiler/open?file=app/config/config.yml HTTP/1.0 Host: raqmix.cloud X-Real-IP: 158.51.121.183 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Safari/605.1.15 Accept: */* Accept-Encoding: gzip --ad1fa077-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --ad1fa077-H-- Message: Warning. Matched phrase "/config/config.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Matched phrase "config.yml" at ARGS:file. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||raqmix.cloud|F|2"] [data "Matched Data: config.yml found within ARGS:file: app/config/config.yml"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raqmix.cloud"] [uri "/app_dev.php/_profiler/open"] [unique_id "aIX0FoPNf5P2DoUqNUzGaQAAAIs"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "config.yml" at ARGS:file. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||raqmix.cloud|F|2"] [data "Matched Data: config.yml found within ARGS:file: app/config/config.yml"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "raqmix.cloud"] [uri "/app_dev.php/_profiler/open"] [unique_id "aIX0FoPNf5P2DoUqNUzGaQAAAIs"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'Primary script unknown' Apache-Handler: proxy:unix:/var/www/vhosts/system/raqmix.cloud/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753609238138472 13122 (- - -) Stopwatch2: 1753609238138472 13122; combined=3374, p1=594, p2=2457, p3=77, p4=77, p5=169, sr=163, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ad1fa077-Z-- --74a92329-A-- [27/Jul/2025:12:44:26.609327 +0300] aIX0-FeG06QUq9l42nZ-QQAAAA0 91.126.176.49 37124 127.0.0.1 7081 --74a92329-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: glamilea.com X-Real-IP: 91.126.176.49 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: same-origin sec-fetch-user: ?1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 referer: http://glamilea.com/wp-login.php upgrade-insecure-requests: 1 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br cookie: yay_currency_widget=29035; wordpress_test_cookie=WP%20Cookie%20check --74a92329-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.33 X-Robots-Tag: noindex Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Upgrade: h2,h2c Connection: Upgrade, close Content-Type: application/json; charset=UTF-8 --74a92329-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "glamilea.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIX0-FeG06QUq9l42nZ-QQAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753609464477117 2132418 (- - -) Stopwatch2: 1753609464477117 2132418; combined=4464, p1=669, p2=3636, p3=0, p4=0, p5=159, sr=214, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --74a92329-Z-- --c23c4320-A-- [27/Jul/2025:13:05:15.634569 +0300] aIX524PNf5P2DoUqNUzngAAAAIs 196.251.88.59 51202 127.0.0.1 7081 --c23c4320-B-- GET //globalhealthgate.net/assets/frontend/js/main.js HTTP/1.0 Host: globalhealthgate.net X-Real-IP: 196.251.88.59 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Web Downloader/6.9 Accept-Charset: utf-8 Accept-Encoding: gzip --c23c4320-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.23 Cache-Control: private, must-revalidate pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6Ild6WVhMUWwxSUhTd0hVL09OQll3a3c9PSIsInZhbHVlIjoiZWxmeHQvNklBc2hLTjV0MDFtbzlGZGhVR0xXenozTTFpWDEzZ3h2aGViYWFLR0hQNWlTbElZOFdOQUYzL0JkM2Q5NkMxMnlpY3dVb3p3TElOM2ZRcDgyWmRqSEZjN1VFa0krL0VPREtlanJvbmllOWlMekI4clJacWlrbkMyeTYiLCJtYWMiOiJkZDlhN2VhMDM1YmY1ZWI3MmM2YzA2ZGU1NzAzZmQyNGYxY2FjYWNiYzQwOThmMmQ1OWIzZDJlZjE4ZDg2ZTAzIiwidGFnIjoiIn0%3D; expires=Sun, 27 Jul 2025 12:05:15 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: ghgverozonesolutions_session=tA7wS9UT85CyWuMmIvohkd3yuNXgNpI2yaZw23yZ; expires=Sun, 27 Jul 2025 12:05:15 GMT; Max-Age=7200; path=/; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: https://globalhealthgate.net Content-Type: text/html; charset=utf-8 --c23c4320-H-- Message: Warning. Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\.weblogs\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\bdatacha0s\\b|; widows|\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/modsecurity.d/rules/comodo_free/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||globalhealthgate.net|F|4"] [data "Web Downloader"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\\\\\.weblogs\\\\\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\\\\\bdatacha0s\\\\\\\\b|; widows|\\\\\\\\\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/modsecurity.d/rules/comodo_free/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||globalhealthgate.net|F|4"] [data "Web Downloader"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "globalhealthgate.net"] [uri "/globalhealthgate.net/assets/frontend/js/main.js"] [unique_id "aIX524PNf5P2DoUqNUzngAAAAIs"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/opt/alt/php82/var/lib/php/session) is not within the allowed path(s): (/var/www/vhosts/globalhealthgate.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/globalhealthgate.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753610715180464 454269 (- - -) Stopwatch2: 1753610715180464 454269; combined=3031, p1=755, p2=1979, p3=0, p4=0, p5=296, sr=133, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c23c4320-Z-- --a477626a-A-- [27/Jul/2025:13:26:44.263746 +0300] aIX-5FeG06QUq9l42naYGgAAABE 34.136.76.248 53724 127.0.0.1 7081 --a477626a-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 34.136.76.248 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --a477626a-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --a477626a-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riyadhchocolate.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aIX-5FeG06QUq9l42naYGgAAABE"] Stopwatch: 1753612004257529 6353 (- - -) Stopwatch2: 1753612004257529 6353; combined=3603, p1=738, p2=2745, p3=0, p4=0, p5=120, sr=163, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a477626a-Z-- --6b17f610-A-- [27/Jul/2025:13:29:27.791165 +0300] aIX_h1eG06QUq9l42naZyQAAAAc 34.28.97.253 33586 127.0.0.1 7081 --6b17f610-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 34.28.97.253 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --6b17f610-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --6b17f610-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riyadhchocolate.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aIX_h1eG06QUq9l42naZyQAAAAc"] Stopwatch: 1753612167786189 5074 (- - -) Stopwatch2: 1753612167786189 5074; combined=2992, p1=634, p2=2278, p3=0, p4=0, p5=79, sr=218, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6b17f610-Z-- --b3da7526-A-- [27/Jul/2025:13:33:19.939581 +0300] aIYAb4PNf5P2DoUqNUwNKgAAAIA 37.27.108.152 48592 127.0.0.1 7081 --b3da7526-B-- GET /core/.env HTTP/1.0 Host: own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --b3da7526-F-- HTTP/1.1 404 Not Found Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --b3da7526-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/core/.env"] [unique_id "aIYAb4PNf5P2DoUqNUwNKgAAAIA"] Stopwatch: 1753612399875454 64323 (- - -) Stopwatch2: 1753612399875454 64323; combined=3750, p1=585, p2=3004, p3=50, p4=26, p5=85, sr=171, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b3da7526-Z-- --325d266c-A-- [27/Jul/2025:13:33:19.980775 +0300] aIYAb4PNf5P2DoUqNUwNKwAAAJE 37.27.108.152 48596 127.0.0.1 7081 --325d266c-B-- GET /.env HTTP/1.0 Host: own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --325d266c-F-- HTTP/1.1 404 Not Found Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --325d266c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/.env"] [unique_id "aIYAb4PNf5P2DoUqNUwNKwAAAJE"] Stopwatch: 1753612399880539 100431 (- - -) Stopwatch2: 1753612399880539 100431; combined=3166, p1=517, p2=2466, p3=47, p4=37, p5=99, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --325d266c-Z-- --1a6f8a71-A-- [27/Jul/2025:13:33:20.007529 +0300] aIYAb4PNf5P2DoUqNUwNLAAAAIQ 37.27.108.152 48598 127.0.0.1 7081 --1a6f8a71-B-- GET /dev/.env HTTP/1.0 Host: own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --1a6f8a71-F-- HTTP/1.1 404 Not Found Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --1a6f8a71-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/dev/.env"] [unique_id "aIYAb4PNf5P2DoUqNUwNLAAAAIQ"] Stopwatch: 1753612399884175 123473 (- - -) Stopwatch2: 1753612399884175 123473; combined=2853, p1=654, p2=2015, p3=53, p4=36, p5=94, sr=258, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1a6f8a71-Z-- --5130951d-A-- [27/Jul/2025:13:33:20.027629 +0300] aIYAb1eG06QUq9l42nac5AAAABc 37.27.108.152 48618 127.0.0.1 7081 --5130951d-B-- GET /app/.env HTTP/1.0 Host: own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --5130951d-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --5130951d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/app/.env"] [unique_id "aIYAb1eG06QUq9l42nac5AAAABc"] Stopwatch: 1753612399889113 138676 (- - -) Stopwatch2: 1753612399889113 138676; combined=3106, p1=735, p2=2120, p3=62, p4=56, p5=132, sr=150, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5130951d-Z-- --f8d3c029-A-- [27/Jul/2025:13:33:20.045291 +0300] aIYAb4PNf5P2DoUqNUwNLQAAAII 37.27.108.152 48604 127.0.0.1 7081 --f8d3c029-B-- GET /.env.production HTTP/1.0 Host: own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --f8d3c029-F-- HTTP/1.1 404 Not Found Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --f8d3c029-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/.env.production"] [unique_id "aIYAb4PNf5P2DoUqNUwNLQAAAII"] Stopwatch: 1753612399891386 154007 (- - -) Stopwatch2: 1753612399891386 154007; combined=3472, p1=1344, p2=1890, p3=73, p4=56, p5=108, sr=159, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f8d3c029-Z-- --2174ca3d-A-- [27/Jul/2025:13:33:20.064318 +0300] aIYAb1eG06QUq9l42nac5gAAABU 37.27.108.152 48632 127.0.0.1 7081 --2174ca3d-B-- GET /admin/.env HTTP/1.0 Host: www.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --2174ca3d-F-- HTTP/1.1 404 Not Found Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --2174ca3d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.own-dev.com"] [uri "/admin/.env"] [unique_id "aIYAb1eG06QUq9l42nac5gAAABU"] Stopwatch: 1753612399898072 166319 (- - -) Stopwatch2: 1753612399898072 166319; combined=2371, p1=385, p2=1759, p3=89, p4=49, p5=88, sr=116, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2174ca3d-Z-- --c182de3e-A-- [27/Jul/2025:13:33:20.083983 +0300] aIYAb1eG06QUq9l42nac5QAAAAs 37.27.108.152 48624 127.0.0.1 7081 --c182de3e-B-- GET /admin/.env HTTP/1.0 Host: own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --c182de3e-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --c182de3e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/admin/.env"] [unique_id "aIYAb1eG06QUq9l42nac5QAAAAs"] Stopwatch: 1753612399897308 186775 (- - -) Stopwatch2: 1753612399897308 186775; combined=2677, p1=615, p2=1747, p3=56, p4=51, p5=207, sr=264, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c182de3e-Z-- --d58d7107-A-- [27/Jul/2025:13:33:20.105105 +0300] aIYAb4PNf5P2DoUqNUwNLgAAAJI 37.27.108.152 48642 127.0.0.1 7081 --d58d7107-B-- GET /.env.save HTTP/1.0 Host: own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --d58d7107-F-- HTTP/1.1 404 Not Found Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --d58d7107-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/.env.save"] [unique_id "aIYAb4PNf5P2DoUqNUwNLgAAAJI"] Stopwatch: 1753612399904083 201301 (- - -) Stopwatch2: 1753612399904083 201301; combined=2579, p1=478, p2=1731, p3=75, p4=45, p5=249, sr=121, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d58d7107-Z-- --cf9e5c4f-A-- [27/Jul/2025:13:33:20.123541 +0300] aIYAb4PNf5P2DoUqNUwNLwAAAIg 37.27.108.152 48640 127.0.0.1 7081 --cf9e5c4f-B-- GET /.env.save HTTP/1.0 Host: www.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --cf9e5c4f-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --cf9e5c4f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.own-dev.com"] [uri "/.env.save"] [unique_id "aIYAb4PNf5P2DoUqNUwNLwAAAIg"] Stopwatch: 1753612399905503 218129 (- - -) Stopwatch2: 1753612399905503 218129; combined=3123, p1=523, p2=2210, p3=76, p4=85, p5=228, sr=141, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cf9e5c4f-Z-- --92a58e67-A-- [27/Jul/2025:13:33:20.171172 +0300] aIYAb1eG06QUq9l42nac5wAAABA 37.27.108.152 48646 127.0.0.1 7081 --92a58e67-B-- GET /laravel/.env HTTP/1.0 Host: own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --92a58e67-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --92a58e67-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/laravel/.env"] [unique_id "aIYAb1eG06QUq9l42nac5wAAABA"] Stopwatch: 1753612399907548 263751 (- - -) Stopwatch2: 1753612399907548 263751; combined=2375, p1=382, p2=1757, p3=59, p4=45, p5=131, sr=124, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --92a58e67-Z-- --bf291338-A-- [27/Jul/2025:13:33:20.195862 +0300] aIYAb1eG06QUq9l42nac6AAAABM 37.27.108.152 48670 127.0.0.1 7081 --bf291338-B-- GET /api/.env HTTP/1.0 Host: www.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --bf291338-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --bf291338-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.own-dev.com"] [uri "/api/.env"] [unique_id "aIYAb1eG06QUq9l42nac6AAAABM"] Stopwatch: 1753612399910068 285892 (- - -) Stopwatch2: 1753612399910068 285892; combined=3357, p1=551, p2=2459, p3=68, p4=69, p5=209, sr=122, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bf291338-Z-- --ca101c25-A-- [27/Jul/2025:13:33:20.228335 +0300] aIYAb4PNf5P2DoUqNUwNMAAAAIw 37.27.108.152 48658 127.0.0.1 7081 --ca101c25-B-- GET /.env.production HTTP/1.0 Host: www.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --ca101c25-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --ca101c25-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.own-dev.com"] [uri "/.env.production"] [unique_id "aIYAb4PNf5P2DoUqNUwNMAAAAIw"] Stopwatch: 1753612399911469 317010 (- - -) Stopwatch2: 1753612399911469 317010; combined=2199, p1=442, p2=1536, p3=49, p4=52, p5=119, sr=115, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ca101c25-Z-- --e3c5df71-A-- [27/Jul/2025:13:33:20.259829 +0300] aIYAb4PNf5P2DoUqNUwNMgAAAIo 37.27.108.152 48694 127.0.0.1 7081 --e3c5df71-B-- GET /dev/.env HTTP/1.0 Host: www.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --e3c5df71-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --e3c5df71-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.own-dev.com"] [uri "/dev/.env"] [unique_id "aIYAb4PNf5P2DoUqNUwNMgAAAIo"] Stopwatch: 1753612399920004 339958 (- - -) Stopwatch2: 1753612399920004 339958; combined=2224, p1=376, p2=1496, p3=51, p4=58, p5=242, sr=119, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e3c5df71-Z-- --75ca2246-A-- [27/Jul/2025:13:33:20.285482 +0300] aIYAb4PNf5P2DoUqNUwNMwAAAI4 37.27.108.152 48698 127.0.0.1 7081 --75ca2246-B-- GET /app/.env HTTP/1.0 Host: www.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --75ca2246-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --75ca2246-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.own-dev.com"] [uri "/app/.env"] [unique_id "aIYAb4PNf5P2DoUqNUwNMwAAAI4"] Stopwatch: 1753612399920792 364787 (- - -) Stopwatch2: 1753612399920792 364787; combined=2036, p1=433, p2=1349, p3=67, p4=77, p5=110, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --75ca2246-Z-- --c0429259-A-- [27/Jul/2025:13:33:20.306017 +0300] aIYAb4PNf5P2DoUqNUwNNQAAAJg 37.27.108.152 48716 127.0.0.1 7081 --c0429259-B-- GET /.env HTTP/1.0 Host: www.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --c0429259-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --c0429259-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.own-dev.com"] [uri "/.env"] [unique_id "aIYAb4PNf5P2DoUqNUwNNQAAAJg"] Stopwatch: 1753612399924264 381828 (- - -) Stopwatch2: 1753612399924264 381828; combined=1988, p1=423, p2=1348, p3=59, p4=52, p5=105, sr=111, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c0429259-Z-- --0acc3219-A-- [27/Jul/2025:13:33:20.329264 +0300] aIYAb4PNf5P2DoUqNUwNNAAAAIY 37.27.108.152 48702 127.0.0.1 7081 --0acc3219-B-- GET /laravel/.env HTTP/1.0 Host: www.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --0acc3219-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --0acc3219-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.own-dev.com"] [uri "/laravel/.env"] [unique_id "aIYAb4PNf5P2DoUqNUwNNAAAAIY"] Stopwatch: 1753612399922986 406352 (- - -) Stopwatch2: 1753612399922986 406352; combined=2981, p1=416, p2=1977, p3=62, p4=406, p5=119, sr=113, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0acc3219-Z-- --afca036e-A-- [27/Jul/2025:13:33:20.346017 +0300] aIYAb4PNf5P2DoUqNUwNNgAAAIs 37.27.108.152 48718 127.0.0.1 7081 --afca036e-B-- GET /core/.env HTTP/1.0 Host: www.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --afca036e-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --afca036e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.own-dev.com"] [uri "/core/.env"] [unique_id "aIYAb4PNf5P2DoUqNUwNNgAAAIs"] Stopwatch: 1753612399930498 415604 (- - -) Stopwatch2: 1753612399930498 415604; combined=2774, p1=385, p2=2157, p3=65, p4=77, p5=89, sr=119, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --afca036e-Z-- --62c28e1f-A-- [27/Jul/2025:13:33:20.355582 +0300] aIYAcIPNf5P2DoUqNUwNOAAAAIM 37.27.108.152 48732 127.0.0.1 7081 --62c28e1f-B-- GET /api/.env HTTP/1.0 Host: own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --62c28e1f-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --62c28e1f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/api/.env"] [unique_id "aIYAcIPNf5P2DoUqNUwNOAAAAIM"] Stopwatch: 1753612400001264 354406 (- - -) Stopwatch2: 1753612400001264 354406; combined=3748, p1=828, p2=2695, p3=51, p4=37, p5=136, sr=198, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --62c28e1f-Z-- --de82cd17-A-- [27/Jul/2025:13:33:20.414812 +0300] aIYAcFeG06QUq9l42nac6gAAABI 37.27.108.152 48776 127.0.0.1 7081 --de82cd17-B-- GET /.env.production HTTP/1.0 Host: test.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --de82cd17-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --de82cd17-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.env.production"] [unique_id "aIYAcFeG06QUq9l42nac6gAAABI"] Stopwatch: 1753612400125777 289114 (- - -) Stopwatch2: 1753612400125777 289114; combined=3402, p1=553, p2=2539, p3=71, p4=59, p5=179, sr=156, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --de82cd17-Z-- --1e9c9850-A-- [27/Jul/2025:13:33:20.414979 +0300] aIYAcIPNf5P2DoUqNUwNOwAAAIU 37.27.108.152 48756 127.0.0.1 7081 --1e9c9850-B-- GET /api/.env HTTP/1.0 Host: test.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --1e9c9850-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --1e9c9850-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/api/.env"] [unique_id "aIYAcIPNf5P2DoUqNUwNOwAAAIU"] Stopwatch: 1753612400118110 296952 (- - -) Stopwatch2: 1753612400118110 296952; combined=3867, p1=826, p2=2794, p3=38, p4=26, p5=182, sr=220, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1e9c9850-Z-- --ef645319-A-- [27/Jul/2025:13:33:20.415175 +0300] aIYAcFeG06QUq9l42nac6wAAAAM 37.27.108.152 48780 127.0.0.1 7081 --ef645319-B-- GET /.env HTTP/1.0 Host: test.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --ef645319-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --ef645319-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.env"] [unique_id "aIYAcFeG06QUq9l42nac6wAAAAM"] Stopwatch: 1753612400137090 278197 (- - -) Stopwatch2: 1753612400137090 278197; combined=3113, p1=741, p2=2139, p3=32, p4=22, p5=178, sr=182, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ef645319-Z-- --ac220153-A-- [27/Jul/2025:13:33:20.415525 +0300] aIYAcIPNf5P2DoUqNUwNPQAAAJQ 37.27.108.152 48778 127.0.0.1 7081 --ac220153-B-- GET /core/.env HTTP/1.0 Host: test.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --ac220153-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --ac220153-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/core/.env"] [unique_id "aIYAcIPNf5P2DoUqNUwNPQAAAJQ"] Stopwatch: 1753612400128324 287314 (- - -) Stopwatch2: 1753612400128324 287314; combined=3819, p1=727, p2=2945, p3=53, p4=39, p5=55, sr=158, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ac220153-Z-- --0357f43b-A-- [27/Jul/2025:13:33:20.415817 +0300] aIYAcIPNf5P2DoUqNUwNQAAAAIQ 37.27.108.152 48786 127.0.0.1 7081 --0357f43b-B-- GET /laravel/.env HTTP/1.0 Host: test.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --0357f43b-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --0357f43b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/laravel/.env"] [unique_id "aIYAcIPNf5P2DoUqNUwNQAAAAIQ"] Stopwatch: 1753612400228429 187480 (- - -) Stopwatch2: 1753612400228429 187480; combined=3679, p1=716, p2=2811, p3=37, p4=28, p5=86, sr=192, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0357f43b-Z-- --7518f952-A-- [27/Jul/2025:13:33:20.416090 +0300] aIYAcIPNf5P2DoUqNUwNPgAAAIA 37.27.108.152 48764 127.0.0.1 7081 --7518f952-B-- GET /dev/.env HTTP/1.0 Host: test.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --7518f952-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --7518f952-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/dev/.env"] [unique_id "aIYAcIPNf5P2DoUqNUwNPgAAAIA"] Stopwatch: 1753612400130373 285848 (- - -) Stopwatch2: 1753612400130373 285848; combined=2931, p1=637, p2=2088, p3=38, p4=38, p5=129, sr=148, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7518f952-Z-- --a9976469-A-- [27/Jul/2025:13:33:20.416360 +0300] aIYAcIPNf5P2DoUqNUwNPAAAAJY 37.27.108.152 48760 127.0.0.1 7081 --a9976469-B-- GET /.env.save HTTP/1.0 Host: test.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --a9976469-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --a9976469-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.env.save"] [unique_id "aIYAcIPNf5P2DoUqNUwNPAAAAJY"] Stopwatch: 1753612400122180 294285 (- - -) Stopwatch2: 1753612400122180 294285; combined=3974, p1=1912, p2=1847, p3=46, p4=38, p5=130, sr=159, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a9976469-Z-- --e605172a-A-- [27/Jul/2025:13:33:20.416551 +0300] aIYAcIPNf5P2DoUqNUwNOgAAAJA 37.27.108.152 48750 127.0.0.1 7081 --e605172a-B-- GET /admin/.env HTTP/1.0 Host: test.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --e605172a-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --e605172a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/admin/.env"] [unique_id "aIYAcIPNf5P2DoUqNUwNOgAAAJA"] Stopwatch: 1753612400112491 304146 (- - -) Stopwatch2: 1753612400112491 304146; combined=3528, p1=598, p2=2654, p3=39, p4=69, p5=168, sr=166, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e605172a-Z-- --550bad1e-A-- [27/Jul/2025:13:33:20.416789 +0300] aIYAcFeG06QUq9l42nac6QAAAA8 37.27.108.152 48744 127.0.0.1 7081 --550bad1e-B-- GET /app/.env HTTP/1.0 Host: test.own-dev.com X-Real-IP: 37.27.108.152 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --550bad1e-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --550bad1e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/app/.env"] [unique_id "aIYAcFeG06QUq9l42nac6QAAAA8"] Stopwatch: 1753612400106489 310386 (- - -) Stopwatch2: 1753612400106489 310386; combined=3666, p1=501, p2=2349, p3=691, p4=31, p5=93, sr=158, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --550bad1e-Z-- --a86f9569-A-- [27/Jul/2025:13:33:51.734066 +0300] aIYAj1eG06QUq9l42nadWwAAAAo 185.177.72.3 57564 127.0.0.1 7081 --a86f9569-B-- GET /.env HTTP/1.0 Host: test.own-dev.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --a86f9569-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --a86f9569-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.env"] [unique_id "aIYAj1eG06QUq9l42nadWwAAAAo"] Stopwatch: 1753612431463086 271096 (- - -) Stopwatch2: 1753612431463086 271096; combined=2795, p1=722, p2=1875, p3=64, p4=45, p5=88, sr=220, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a86f9569-Z-- --dcbe992a-A-- [27/Jul/2025:13:33:59.391537 +0300] aIYAl4PNf5P2DoUqNUwOWgAAAIM 185.177.72.3 32864 127.0.0.1 7081 --dcbe992a-B-- GET /.env.backup HTTP/1.0 Host: test.own-dev.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --dcbe992a-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --dcbe992a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||test.own-dev.com|F|2"] [data ".env.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.env.backup"] [unique_id "aIYAl4PNf5P2DoUqNUwOWgAAAIM"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||test.own-dev.com|F|2"] [data ".env.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "test.own-dev.com"] [uri "/.env.backup"] [unique_id "aIYAl4PNf5P2DoUqNUwOWgAAAIM"] Stopwatch: 1753612439131475 260172 (- - -) Stopwatch2: 1753612439131475 260172; combined=3223, p1=699, p2=2271, p3=56, p4=39, p5=158, sr=172, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dcbe992a-Z-- --4a2f1550-A-- [27/Jul/2025:13:33:59.748886 +0300] aIYAl1eG06QUq9l42nadYgAAAA4 185.177.72.3 32884 127.0.0.1 7081 --4a2f1550-B-- GET /.env.bak HTTP/1.0 Host: test.own-dev.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --4a2f1550-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --4a2f1550-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||test.own-dev.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.env.bak"] [unique_id "aIYAl1eG06QUq9l42nadYgAAAA4"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||test.own-dev.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "test.own-dev.com"] [uri "/.env.bak"] [unique_id "aIYAl1eG06QUq9l42nadYgAAAA4"] Stopwatch: 1753612439452057 296915 (- - -) Stopwatch2: 1753612439452057 296915; combined=2476, p1=461, p2=1776, p3=65, p4=39, p5=134, sr=127, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4a2f1550-Z-- --2144ba56-A-- [27/Jul/2025:13:34:07.438048 +0300] aIYAn4PNf5P2DoUqNUwOigAAAIU 185.177.72.3 40868 127.0.0.1 7081 --2144ba56-B-- GET /.env.dev HTTP/1.0 Host: test.own-dev.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --2144ba56-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --2144ba56-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.env.dev"] [unique_id "aIYAn4PNf5P2DoUqNUwOigAAAIU"] Stopwatch: 1753612447150482 287639 (- - -) Stopwatch2: 1753612447150482 287639; combined=2956, p1=515, p2=2262, p3=64, p4=39, p5=75, sr=167, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2144ba56-Z-- --1eaa2252-A-- [27/Jul/2025:13:34:07.785338 +0300] aIYAn4PNf5P2DoUqNUwOjgAAAIw 185.177.72.3 40902 127.0.0.1 7081 --1eaa2252-B-- GET /.env.example HTTP/1.0 Host: test.own-dev.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --1eaa2252-F-- HTTP/1.1 500 Internal Server Error cache-control: no-cache, no-store, must-revalidate Upgrade: h2,h2c Content-Length: 4393 Status: 500 Internal Server Error Connection: close Content-Type: text/html; charset=UTF-8 --1eaa2252-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.own-dev.com"] [uri "/.env.example"] [unique_id "aIYAn4PNf5P2DoUqNUwOjgAAAIw"] Stopwatch: 1753612447506178 279371 (- - -) Stopwatch2: 1753612447506178 279371; combined=4270, p1=587, p2=3451, p3=52, p4=39, p5=140, sr=188, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1eaa2252-Z-- --5b0c5961-A-- [27/Jul/2025:13:34:39.985913 +0300] aIYAv4PNf5P2DoUqNUwPewAAAI0 45.131.195.145 56308 127.0.0.1 7081 --5b0c5961-B-- GET /.git/config HTTP/1.0 Host: internetlb.com X-Real-IP: 45.131.195.145 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozila/5.0 Referer: http://internetlb.com/.git/config Accept-Encoding: gzip --5b0c5961-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 12 Dec 2016 17:20:28 GMT ETag: "405-5437951ed94a5" Accept-Ranges: bytes Content-Length: 1029 Content-Type: text/html --5b0c5961-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "internetlb.com"] [uri "/.git/config"] [unique_id "aIYAv4PNf5P2DoUqNUwPewAAAI0"] Stopwatch: 1753612479981109 4890 (- - -) Stopwatch2: 1753612479981109 4890; combined=2928, p1=724, p2=2069, p3=0, p4=0, p5=135, sr=204, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5b0c5961-Z-- --36d5fb0f-A-- [27/Jul/2025:13:41:17.778453 +0300] aIYCTRB5TQNFyOC7zspiCgAAAII 78.40.176.204 38650 127.0.0.1 7081 --36d5fb0f-B-- GET /administration/index.php?code=4/0AVMBsJgfacO88VcRuq36Bo3jFOVZ3GYoTUti4CngX5Gr8g74jbhQeIPw2-k_Gzxs7AwWAQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?1 sec-ch-ua-platform: "Android" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,tr;q=0.7 priority: u=0, i cookie: PHPSESSID=15n2l9svo3nq47m8912bc4k0b5 --36d5fb0f-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --36d5fb0f-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIYCTRB5TQNFyOC7zspiCgAAAII"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753612877303773 474875 (- - -) Stopwatch2: 1753612877303773 474875; combined=4348, p1=466, p2=3590, p3=112, p4=55, p5=125, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --36d5fb0f-Z-- --ab948615-A-- [27/Jul/2025:13:41:44.758268 +0300] aIYCaBB5TQNFyOC7zspiSwAAAII 78.40.176.204 48170 127.0.0.1 7081 --ab948615-B-- GET /administration/index.php?code=4/0AVMBsJhwAQq8ow2y-Os3yvf05qjP_-YGG50XnCl6_j3dkJ55Zz-TUvoGI0pKf3OkOGJAlw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?1 sec-ch-ua-platform: "Android" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,tr;q=0.7 priority: u=0, i cookie: PHPSESSID=15n2l9svo3nq47m8912bc4k0b5 --ab948615-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --ab948615-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIYCaBB5TQNFyOC7zspiSwAAAII"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753612904275780 482615 (- - -) Stopwatch2: 1753612904275780 482615; combined=92374, p1=559, p2=4057, p3=144, p4=161, p5=43788, sr=134, sw=1, l=0, gc=43664 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ab948615-Z-- --98380016-A-- [27/Jul/2025:13:54:29.119833 +0300] aIYFZRRgfRw0MwNhOFyFSQAAAAg 195.178.110.68 48598 127.0.0.1 7081 --98380016-B-- GET /.git/config HTTP/1.0 Host: admin.own-dev.com X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --98380016-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 19 May 2025 12:23:57 GMT ETag: "328-6357c34bf094a" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --98380016-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "admin.own-dev.com"] [uri "/.git/config"] [unique_id "aIYFZRRgfRw0MwNhOFyFSQAAAAg"] Stopwatch: 1753613669101557 18391 (- - -) Stopwatch2: 1753613669101557 18391; combined=3093, p1=566, p2=2394, p3=0, p4=0, p5=132, sr=163, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --98380016-Z-- --fd050571-A-- [27/Jul/2025:13:54:29.473826 +0300] aIYFZRRgfRw0MwNhOFyFSgAAAA8 195.178.110.68 48602 127.0.0.1 7081 --fd050571-B-- GET /.git/config HTTP/1.0 Host: admin.own-dev.com X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Referer: http://admin.own-dev.com/.git/config Accept-Encoding: gzip --fd050571-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 19 May 2025 12:23:57 GMT ETag: "328-6357c34bf094a" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --fd050571-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "admin.own-dev.com"] [uri "/.git/config"] [unique_id "aIYFZRRgfRw0MwNhOFyFSgAAAA8"] Stopwatch: 1753613669468791 5138 (- - -) Stopwatch2: 1753613669468791 5138; combined=3019, p1=724, p2=2213, p3=0, p4=0, p5=82, sr=182, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fd050571-Z-- --b82b024c-A-- [27/Jul/2025:13:54:35.291361 +0300] aIYFa5FQsYdrchqBlhEqCAAAAE4 139.59.136.184 38030 127.0.0.1 7081 --b82b024c-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D""+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: admin.own-dev.com X-Real-IP: 139.59.136.184 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 164 User-Agent: Go-http-client/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip --b82b024c-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 19 May 2025 12:23:57 GMT ETag: "328-6357c34bf094a" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --b82b024c-H-- Message: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||admin.own-dev.com|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions="" \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||admin.own-dev.com|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd cgi.force_redirect=0 \\\\x5cxadd disable_functions=\\\\x22\\\\x22 \\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions=\\\\x22\\\\x22 \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "admin.own-dev.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aIYFa5FQsYdrchqBlhEqCAAAAE4"] Stopwatch: 1753613675284242 7193 (- - -) Stopwatch2: 1753613675284242 7193; combined=5113, p1=707, p2=4286, p3=0, p4=0, p5=119, sr=176, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b82b024c-Z-- --fe25d855-A-- [27/Jul/2025:13:54:37.366080 +0300] aIYFbRRgfRw0MwNhOFyFlgAAAAk 139.59.136.184 38348 127.0.0.1 7081 --fe25d855-B-- GET /.env HTTP/1.0 Host: admin.own-dev.com X-Real-IP: 139.59.136.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --fe25d855-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 19 May 2025 12:23:57 GMT ETag: "328-6357c34bf094a" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --fe25d855-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "admin.own-dev.com"] [uri "/.env"] [unique_id "aIYFbRRgfRw0MwNhOFyFlgAAAAk"] Stopwatch: 1753613677361722 4461 (- - -) Stopwatch2: 1753613677361722 4461; combined=2594, p1=477, p2=2014, p3=0, p4=0, p5=103, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fe25d855-Z-- --37f57527-A-- [27/Jul/2025:13:54:37.533465 +0300] aIYFbRRgfRw0MwNhOFyFlwAAABE 139.59.136.184 38382 127.0.0.1 7081 --37f57527-B-- GET /.git/config HTTP/1.0 Host: admin.own-dev.com X-Real-IP: 139.59.136.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --37f57527-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 19 May 2025 12:23:57 GMT ETag: "328-6357c34bf094a" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --37f57527-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "admin.own-dev.com"] [uri "/.git/config"] [unique_id "aIYFbRRgfRw0MwNhOFyFlwAAABE"] Stopwatch: 1753613677529495 4045 (- - -) Stopwatch2: 1753613677529495 4045; combined=2363, p1=462, p2=1839, p3=0, p4=0, p5=61, sr=127, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --37f57527-Z-- --01d2c866-A-- [27/Jul/2025:13:54:39.342742 +0300] aIYFb5FQsYdrchqBlhEqIQAAAEo 93.123.109.64 38574 127.0.0.1 7081 --01d2c866-B-- GET /.git/config HTTP/1.0 Host: admin.own-dev.com X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux armv61; en-US; rv:1.9.1b2pre) Gecko/20081015 Fennec/1.0a1 Accept-Charset: utf-8 Accept-Encoding: gzip --01d2c866-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 19 May 2025 12:23:57 GMT ETag: "328-6357c34bf094a" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --01d2c866-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "admin.own-dev.com"] [uri "/.git/config"] [unique_id "aIYFb5FQsYdrchqBlhEqIQAAAEo"] Stopwatch: 1753613679337597 5237 (- - -) Stopwatch2: 1753613679337597 5237; combined=3047, p1=654, p2=2226, p3=0, p4=0, p5=167, sr=171, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --01d2c866-Z-- --8a617e70-A-- [27/Jul/2025:13:55:48.101493 +0300] aIYFtJFQsYdrchqBlhEq4gAAAEI 104.131.20.165 39582 127.0.0.1 7081 --8a617e70-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 104.131.20.165 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-dest: document accept-language: en-US,en;q=0.5 sec-fetch-mode: navigate sec-fetch-site: same-origin sec-fetch-user: ?1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 referer: http://riyadhchocolate.com/wp-login.php accept-encoding: gzip, deflate, br upgrade-insecure-requests: 1 cookie: wordpress_test_cookie=WP%20Cookie%20check --8a617e70-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --8a617e70-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riyadhchocolate.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIYFtJFQsYdrchqBlhEq4gAAAEI"] Stopwatch: 1753613748096036 5579 (- - -) Stopwatch2: 1753613748096036 5579; combined=3501, p1=734, p2=2686, p3=0, p4=0, p5=81, sr=149, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8a617e70-Z-- --954a6759-A-- [27/Jul/2025:14:01:28.453292 +0300] aIYHCBRgfRw0MwNhOFyQnwAAAAo 35.187.162.183 60202 127.0.0.1 7081 --954a6759-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 35.187.162.183 X-Accel-Internal: /internal-nginx-static-location Connection: close upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: same-origin user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept-language: en-US,en;q=0.5 referer: http://riyadhchocolate.com/wp-login.php accept-encoding: gzip, deflate, br sec-fetch-user: ?1 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 cookie: wordpress_test_cookie=WP%20Cookie%20check --954a6759-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --954a6759-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riyadhchocolate.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIYHCBRgfRw0MwNhOFyQnwAAAAo"] Stopwatch: 1753614088448174 5242 (- - -) Stopwatch2: 1753614088448174 5242; combined=3310, p1=469, p2=2689, p3=0, p4=0, p5=152, sr=156, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --954a6759-Z-- --16250f6e-A-- [27/Jul/2025:14:13:39.529505 +0300] aIYJ4xRgfRw0MwNhOFykwwAAAAo 196.251.88.59 50470 127.0.0.1 7081 --16250f6e-B-- GET / HTTP/1.0 Host: globalhealthgate.net X-Real-IP: 196.251.88.59 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Web Downloader/6.9 Accept-Charset: utf-8 Accept-Encoding: gzip --16250f6e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Cache-Control: private, must-revalidate pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6ImJCcnhRUzl0WFdWWlFWc3BCMnhGc2c9PSIsInZhbHVlIjoiYWpPS1IxNDIyL2dxRmQrSnRDanB5blVZYlFWWHBmQlJLaUhrcGdmdnV1MWpHU2ZoOVoxOFpjdXMxWnlkNmltWVREY2VnVFlJUU1hTjlpTms2RkZWbG5ScnlOek5XSURjZGgxOEw4Wk9OWk92bmtHejYxS2FaQXFSSEM5bE9qZ0YiLCJtYWMiOiI1MWVlZmZjMDdiZTEyNjFiMDdkOTdjYmJmNTBmNWIxYjlhMzI2ZjI1NzQ3NGE1ZmMzMTBkODNlYjM4M2U1ODM0IiwidGFnIjoiIn0%3D; expires=Sun, 27 Jul 2025 13:13:39 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: ghgverozonesolutions_session=7vz2JQNBkbvWiDyCJg2TkthtUWJ6wDX5HgY9cLSE; expires=Sun, 27 Jul 2025 13:13:39 GMT; Max-Age=7200; path=/; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 8691 Content-Type: text/html; charset=UTF-8 --16250f6e-H-- Message: Warning. Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\.weblogs\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\bdatacha0s\\b|; widows|\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/modsecurity.d/rules/comodo_free/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||globalhealthgate.net|F|4"] [data "Web Downloader"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\\\\\.weblogs\\\\\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\\\\\bdatacha0s\\\\\\\\b|; widows|\\\\\\\\\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/modsecurity.d/rules/comodo_free/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||globalhealthgate.net|F|4"] [data "Web Downloader"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "globalhealthgate.net"] [uri "/"] [unique_id "aIYJ4xRgfRw0MwNhOFykwwAAAAo"] Apache-Error: [file "mod_access_compat.c"] [line 350] [level 3] AH01797: client denied by server configuration: /var/www/vhosts/globalhealthgate.net/public_html/index.cgi Apache-Error: [file "mod_access_compat.c"] [line 350] [level 3] AH01797: client denied by server configuration: /var/www/vhosts/globalhealthgate.net/public_html/index.pl Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/opt/alt/php82/var/lib/php/session) is not within the allowed path(s): (/var/www/vhosts/globalhealthgate.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/globalhealthgate.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753614819097659 432124 (- - -) Stopwatch2: 1753614819097659 432124; combined=7559, p1=592, p2=2273, p3=112, p4=4379, p5=202, sr=215, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --16250f6e-Z-- --1da4c141-A-- [27/Jul/2025:14:18:03.679867 +0300] aIYK65FQsYdrchqBlhE63QAAAEc 109.202.99.36 38270 127.0.0.1 7081 --1da4c141-B-- GET /web.config HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 109.202.99.36 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --1da4c141-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close X-Accel-Version: 0.01 Last-Modified: Thu, 20 Feb 2025 16:00:46 GMT ETag: "34f-62e94fa154780" Accept-Ranges: bytes Content-Length: 847 --1da4c141-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/web.config"] [unique_id "aIYK65FQsYdrchqBlhE63QAAAEc"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "restopos.raqmix.net"] [uri "/web.config"] [unique_id "aIYK65FQsYdrchqBlhE63QAAAEc"] Stopwatch: 1753615083515110 164870 (- - -) Stopwatch2: 1753615083515110 164870; combined=2994, p1=593, p2=2074, p3=35, p4=39, p5=248, sr=130, sw=5, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1da4c141-Z-- --414cf617-A-- [27/Jul/2025:14:18:03.701761 +0300] aIYK6xRgfRw0MwNhOFysDAAAAAs 109.202.99.36 38316 127.0.0.1 7081 --414cf617-B-- GET /database.sql HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 109.202.99.36 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --414cf617-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --414cf617-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "restopos.raqmix.net"] [uri "/database.sql"] [unique_id "aIYK6xRgfRw0MwNhOFysDAAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753615083672478 29400 (- - -) Stopwatch2: 1753615083672478 29400; combined=2823, p1=503, p2=2200, p3=0, p4=0, p5=119, sr=160, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --414cf617-Z-- --e1ca3568-A-- [27/Jul/2025:14:18:03.711604 +0300] aIYK6xRgfRw0MwNhOFysDQAAAAY 109.202.99.36 38320 127.0.0.1 7081 --e1ca3568-B-- GET /.git/HEAD HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 109.202.99.36 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --e1ca3568-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --e1ca3568-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.git/HEAD"] [unique_id "aIYK6xRgfRw0MwNhOFysDQAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753615083679126 32620 (- - -) Stopwatch2: 1753615083679126 32620; combined=5756, p1=1669, p2=3945, p3=0, p4=0, p5=141, sr=732, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e1ca3568-Z-- --328a1c00-A-- [27/Jul/2025:14:18:03.749488 +0300] aIYK6xRgfRw0MwNhOFysEgAAAA8 109.202.99.36 38394 127.0.0.1 7081 --328a1c00-B-- GET /dump.sql HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 109.202.99.36 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --328a1c00-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --328a1c00-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "restopos.raqmix.net"] [uri "/dump.sql"] [unique_id "aIYK6xRgfRw0MwNhOFysEgAAAA8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753615083737529 12015 (- - -) Stopwatch2: 1753615083737529 12015; combined=2703, p1=350, p2=2267, p3=0, p4=0, p5=85, sr=116, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --328a1c00-Z-- --4ba0780c-A-- [27/Jul/2025:14:18:03.751030 +0300] aIYK6xRgfRw0MwNhOFysEwAAABM 109.202.99.36 38402 127.0.0.1 7081 --4ba0780c-B-- GET /etc/ssl/private/server.key HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 109.202.99.36 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --4ba0780c-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --4ba0780c-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "restopos.raqmix.net"] [uri "/etc/ssl/private/server.key"] [unique_id "aIYK6xRgfRw0MwNhOFysEwAAABM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753615083738973 12112 (- - -) Stopwatch2: 1753615083738973 12112; combined=2103, p1=390, p2=1635, p3=0, p4=0, p5=78, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4ba0780c-Z-- --3bf3ea56-A-- [27/Jul/2025:14:18:03.755608 +0300] aIYK6xRgfRw0MwNhOFysFQAAABA 109.202.99.36 38436 127.0.0.1 7081 --3bf3ea56-B-- GET /.env HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 109.202.99.36 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --3bf3ea56-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --3bf3ea56-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.env"] [unique_id "aIYK6xRgfRw0MwNhOFysFQAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753615083744900 10762 (- - -) Stopwatch2: 1753615083744900 10762; combined=2046, p1=459, p2=1514, p3=0, p4=0, p5=72, sr=146, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3bf3ea56-Z-- --6e157456-A-- [27/Jul/2025:14:18:03.765632 +0300] aIYK6xRgfRw0MwNhOFysFgAAABU 109.202.99.36 38438 127.0.0.1 7081 --6e157456-B-- GET /backup.sql HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 109.202.99.36 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --6e157456-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --6e157456-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "restopos.raqmix.net"] [uri "/backup.sql"] [unique_id "aIYK6xRgfRw0MwNhOFysFgAAABU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753615083752587 13172 (- - -) Stopwatch2: 1753615083752587 13172; combined=3055, p1=382, p2=2594, p3=0, p4=0, p5=79, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6e157456-Z-- --0ab2d248-A-- [27/Jul/2025:14:18:03.800947 +0300] aIYK6xRgfRw0MwNhOFysFwAAAA0 109.202.99.36 38448 127.0.0.1 7081 --0ab2d248-B-- GET /wp-config.php HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 109.202.99.36 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --0ab2d248-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --0ab2d248-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/wp-config.php"] [unique_id "aIYK6xRgfRw0MwNhOFysFwAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753615083786119 14883 (- - -) Stopwatch2: 1753615083786119 14883; combined=3024, p1=729, p2=2181, p3=0, p4=0, p5=114, sr=174, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0ab2d248-Z-- --cef24357-A-- [27/Jul/2025:14:18:03.802456 +0300] aIYK65FQsYdrchqBlhE64wAAAEo 109.202.99.36 38454 127.0.0.1 7081 --cef24357-B-- GET /api/.env HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 109.202.99.36 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --cef24357-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --cef24357-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/api/.env"] [unique_id "aIYK65FQsYdrchqBlhE64wAAAEo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753615083791664 10847 (- - -) Stopwatch2: 1753615083791664 10847; combined=2251, p1=484, p2=1682, p3=0, p4=0, p5=85, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cef24357-Z-- --221d6206-A-- [27/Jul/2025:14:18:03.809304 +0300] aIYK6xRgfRw0MwNhOFysGAAAAAY 109.202.99.36 38470 127.0.0.1 7081 --221d6206-B-- GET /.svn/wc.db HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 109.202.99.36 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --221d6206-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --221d6206-H-- Message: Warning. Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.svn/wc.db"] [unique_id "aIYK6xRgfRw0MwNhOFysGAAAAAY"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "restopos.raqmix.net"] [uri "/.svn/wc.db"] [unique_id "aIYK6xRgfRw0MwNhOFysGAAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753615083798078 11282 (- - -) Stopwatch2: 1753615083798078 11282; combined=3286, p1=625, p2=2518, p3=0, p4=0, p5=142, sr=164, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --221d6206-Z-- --8b052974-A-- [27/Jul/2025:14:18:03.924370 +0300] aIYK65FQsYdrchqBlhE65QAAAEg 109.202.99.36 38530 127.0.0.1 7081 --8b052974-B-- GET /.env.production HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 109.202.99.36 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --8b052974-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --8b052974-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "restopos.raqmix.net"] [uri "/.env.production"] [unique_id "aIYK65FQsYdrchqBlhE65QAAAEg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753615083906616 17813 (- - -) Stopwatch2: 1753615083906616 17813; combined=3219, p1=550, p2=2588, p3=0, p4=0, p5=80, sr=157, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8b052974-Z-- --db2bdf0a-A-- [27/Jul/2025:14:18:03.935286 +0300] aIYK6xRgfRw0MwNhOFysIAAAAAU 109.202.99.36 38546 127.0.0.1 7081 --db2bdf0a-B-- GET /database_backup.sql HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 109.202.99.36 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --db2bdf0a-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --db2bdf0a-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "restopos.raqmix.net"] [uri "/database_backup.sql"] [unique_id "aIYK6xRgfRw0MwNhOFysIAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753615083922544 12799 (- - -) Stopwatch2: 1753615083922544 12799; combined=4300, p1=528, p2=3696, p3=0, p4=0, p5=75, sr=165, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --db2bdf0a-Z-- --e36ff626-A-- [27/Jul/2025:14:18:04.021773 +0300] aIYK7BRgfRw0MwNhOFysJAAAABU 109.202.99.36 38582 127.0.0.1 7081 --e36ff626-B-- GET /server.key HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 109.202.99.36 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --e36ff626-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --e36ff626-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "restopos.raqmix.net"] [uri "/server.key"] [unique_id "aIYK7BRgfRw0MwNhOFysJAAAABU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753615084011010 10824 (- - -) Stopwatch2: 1753615084011010 10824; combined=2517, p1=436, p2=1991, p3=0, p4=0, p5=90, sr=149, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e36ff626-Z-- --3c422d1d-A-- [27/Jul/2025:14:18:04.277821 +0300] aIYK7JFQsYdrchqBlhE66AAAAFE 109.202.99.36 38660 127.0.0.1 7081 --3c422d1d-B-- GET /_vti_pvt/service.pwd HTTP/1.0 Host: restopos.raqmix.net X-Real-IP: 109.202.99.36 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --3c422d1d-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.2.29 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --3c422d1d-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".pwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||restopos.raqmix.net|F|2"] [data ".pwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "restopos.raqmix.net"] [uri "/_vti_pvt/service.pwd"] [unique_id "aIYK7JFQsYdrchqBlhE66AAAAFE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/restopos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753615084265588 12303 (- - -) Stopwatch2: 1753615084265588 12303; combined=2952, p1=432, p2=2355, p3=0, p4=0, p5=164, sr=132, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3c422d1d-Z-- --6a8cc260-A-- [27/Jul/2025:14:20:21.465166 +0300] aIYLcxRgfRw0MwNhOFyvigAAABE 34.124.208.70 40922 127.0.0.1 7081 --6a8cc260-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: glamilea.com X-Real-IP: 34.124.208.70 X-Accel-Internal: /internal-nginx-static-location Connection: close upgrade-insecure-requests: 1 sec-fetch-mode: navigate sec-fetch-site: same-origin accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br sec-fetch-dest: document sec-fetch-user: ?1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 referer: http://glamilea.com/wp-login.php cookie: yay_currency_widget=29035; wordpress_test_cookie=WP%20Cookie%20check --6a8cc260-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.33 X-Robots-Tag: noindex Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Upgrade: h2,h2c Connection: Upgrade, close Content-Type: application/json; charset=UTF-8 --6a8cc260-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "glamilea.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIYLcxRgfRw0MwNhOFyvigAAABE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753615219149455 2315862 (- - -) Stopwatch2: 1753615219149455 2315862; combined=4732, p1=628, p2=3984, p3=0, p4=0, p5=120, sr=183, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6a8cc260-Z-- --40a1bd2a-A-- [27/Jul/2025:14:43:40.520187 +0300] aIYQ7BRgfRw0MwNhOFzSwQAAAAc 195.178.110.68 49234 127.0.0.1 7081 --40a1bd2a-B-- GET /.git/config HTTP/1.0 Host: admin.own-dev.com X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --40a1bd2a-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 19 May 2025 12:23:57 GMT ETag: "328-6357c34bf094a" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --40a1bd2a-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "admin.own-dev.com"] [uri "/.git/config"] [unique_id "aIYQ7BRgfRw0MwNhOFzSwQAAAAc"] Stopwatch: 1753616620515479 4804 (- - -) Stopwatch2: 1753616620515479 4804; combined=2625, p1=662, p2=1886, p3=0, p4=0, p5=77, sr=158, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --40a1bd2a-Z-- --2fc4a179-A-- [27/Jul/2025:14:43:50.629104 +0300] aIYQ9pFQsYdrchqBlhFLsgAAAEQ 93.123.109.64 59340 127.0.0.1 7081 --2fc4a179-B-- GET /.git/config HTTP/1.0 Host: admin.own-dev.com X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 11; LM-V500N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.61 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --2fc4a179-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 19 May 2025 12:23:57 GMT ETag: "328-6357c34bf094a" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --2fc4a179-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "admin.own-dev.com"] [uri "/.git/config"] [unique_id "aIYQ9pFQsYdrchqBlhFLsgAAAEQ"] Stopwatch: 1753616630623786 5438 (- - -) Stopwatch2: 1753616630623786 5438; combined=3131, p1=658, p2=2320, p3=0, p4=0, p5=153, sr=179, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2fc4a179-Z-- --9834691e-A-- [27/Jul/2025:14:45:40.949833 +0300] aIYRZBRgfRw0MwNhOFzWKAAAAAg 185.177.72.27 33740 127.0.0.1 7081 --9834691e-B-- GET /.git/config HTTP/1.0 Host: shawer.net X-Real-IP: 185.177.72.27 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --9834691e-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 11 May 2025 14:54:49 GMT ETag: "328-634dd619400a3" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --9834691e-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shawer.net"] [uri "/.git/config"] [unique_id "aIYRZBRgfRw0MwNhOFzWKAAAAAg"] Stopwatch: 1753616740943647 6325 (- - -) Stopwatch2: 1753616740943647 6325; combined=3608, p1=772, p2=2719, p3=0, p4=0, p5=116, sr=163, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9834691e-Z-- --848cd148-A-- [27/Jul/2025:14:45:41.467172 +0300] aIYRZRRgfRw0MwNhOFzWMQAAAAY 185.177.72.27 33816 127.0.0.1 7081 --848cd148-B-- GET /.env HTTP/1.0 Host: shawer.net X-Real-IP: 185.177.72.27 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --848cd148-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 11 May 2025 14:54:49 GMT ETag: "328-634dd619400a3" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --848cd148-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shawer.net"] [uri "/.env"] [unique_id "aIYRZRRgfRw0MwNhOFzWMQAAAAY"] Stopwatch: 1753616741461847 5424 (- - -) Stopwatch2: 1753616741461847 5424; combined=3289, p1=876, p2=2327, p3=0, p4=0, p5=86, sr=319, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --848cd148-Z-- --4c7af035-A-- [27/Jul/2025:14:45:41.533122 +0300] aIYRZRRgfRw0MwNhOFzWMwAAABg 185.177.72.27 33832 127.0.0.1 7081 --4c7af035-B-- GET /api/.env HTTP/1.0 Host: shawer.net X-Real-IP: 185.177.72.27 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --4c7af035-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 11 May 2025 14:54:49 GMT ETag: "328-634dd619400a3" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --4c7af035-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shawer.net"] [uri "/api/.env"] [unique_id "aIYRZRRgfRw0MwNhOFzWMwAAABg"] Stopwatch: 1753616741529067 4146 (- - -) Stopwatch2: 1753616741529067 4146; combined=2440, p1=561, p2=1777, p3=0, p4=0, p5=102, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4c7af035-Z-- --700ef168-A-- [27/Jul/2025:14:45:41.598453 +0300] aIYRZRRgfRw0MwNhOFzWNAAAAAw 185.177.72.27 33840 127.0.0.1 7081 --700ef168-B-- GET /config/.env HTTP/1.0 Host: shawer.net X-Real-IP: 185.177.72.27 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --700ef168-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 11 May 2025 14:54:49 GMT ETag: "328-634dd619400a3" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --700ef168-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shawer.net"] [uri "/config/.env"] [unique_id "aIYRZRRgfRw0MwNhOFzWNAAAAAw"] Stopwatch: 1753616741594188 4357 (- - -) Stopwatch2: 1753616741594188 4357; combined=2577, p1=593, p2=1825, p3=0, p4=0, p5=158, sr=242, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --700ef168-Z-- --51661c72-A-- [27/Jul/2025:15:07:50.030559 +0300] aIYWlhRgfRw0MwNhOFz1VAAAABI 170.39.218.51 33096 127.0.0.1 7081 --51661c72-B-- GET /.env HTTP/1.0 Host: webmail.first-builders.com X-Real-IP: 170.39.218.51 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --51661c72-F-- HTTP/1.1 403 Forbidden Content-Length: 276 Connection: close Content-Type: text/html; charset=iso-8859-1 --51661c72-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.first-builders.com"] [uri "/.env"] [unique_id "aIYWlhRgfRw0MwNhOFz1VAAAABI"] Stopwatch: 1753618070026581 4054 (- - -) Stopwatch2: 1753618070026581 4054; combined=2420, p1=512, p2=1772, p3=26, p4=40, p5=70, sr=141, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --51661c72-Z-- --64ef8866-A-- [27/Jul/2025:15:07:50.669106 +0300] aIYWlhRgfRw0MwNhOFz1XQAAAAo 170.39.218.51 33218 127.0.0.1 7081 --64ef8866-B-- GET /.env.save HTTP/1.0 Host: webmail.first-builders.com X-Real-IP: 170.39.218.51 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --64ef8866-F-- HTTP/1.1 404 Not Found Content-Length: 273 Connection: close Content-Type: text/html; charset=iso-8859-1 --64ef8866-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.first-builders.com"] [uri "/.env.save"] [unique_id "aIYWlhRgfRw0MwNhOFz1XQAAAAo"] Stopwatch: 1753618070663594 5569 (- - -) Stopwatch2: 1753618070663594 5569; combined=3486, p1=466, p2=2896, p3=24, p4=36, p5=64, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --64ef8866-Z-- --94de8a52-A-- [27/Jul/2025:15:07:51.247561 +0300] aIYWl5FQsYdrchqBlhFbVQAAAEI 170.39.218.51 33306 127.0.0.1 7081 --94de8a52-B-- GET /.env.prod HTTP/1.0 Host: webmail.first-builders.com X-Real-IP: 170.39.218.51 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --94de8a52-F-- HTTP/1.1 404 Not Found Content-Length: 273 Connection: close Content-Type: text/html; charset=iso-8859-1 --94de8a52-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.first-builders.com"] [uri "/.env.prod"] [unique_id "aIYWl5FQsYdrchqBlhFbVQAAAEI"] Stopwatch: 1753618071242684 4955 (- - -) Stopwatch2: 1753618071242684 4955; combined=2958, p1=673, p2=2133, p3=29, p4=38, p5=84, sr=173, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --94de8a52-Z-- --acd0eb70-A-- [27/Jul/2025:15:07:51.947604 +0300] aIYWl5FQsYdrchqBlhFbWgAAAFE 170.39.218.51 33428 127.0.0.1 7081 --acd0eb70-B-- GET /api/.env HTTP/1.0 Host: webmail.first-builders.com X-Real-IP: 170.39.218.51 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --acd0eb70-F-- HTTP/1.1 404 Not Found Content-Length: 273 Connection: close Content-Type: text/html; charset=iso-8859-1 --acd0eb70-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.first-builders.com"] [uri "/api/.env"] [unique_id "aIYWl5FQsYdrchqBlhFbWgAAAFE"] Stopwatch: 1753618071942485 5187 (- - -) Stopwatch2: 1753618071942485 5187; combined=3467, p1=1308, p2=1971, p3=24, p4=96, p5=67, sr=896, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --acd0eb70-Z-- --f62a2904-A-- [27/Jul/2025:15:07:52.495335 +0300] aIYWmBRgfRw0MwNhOFz1agAAABI 170.39.218.51 33510 127.0.0.1 7081 --f62a2904-B-- GET /dev/.env HTTP/1.0 Host: webmail.first-builders.com X-Real-IP: 170.39.218.51 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --f62a2904-F-- HTTP/1.1 404 Not Found Content-Length: 273 Connection: close Content-Type: text/html; charset=iso-8859-1 --f62a2904-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.first-builders.com"] [uri "/dev/.env"] [unique_id "aIYWmBRgfRw0MwNhOFz1agAAABI"] Stopwatch: 1753618072491347 4100 (- - -) Stopwatch2: 1753618072491347 4100; combined=2424, p1=506, p2=1758, p3=23, p4=32, p5=104, sr=133, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f62a2904-Z-- --760c5501-A-- [27/Jul/2025:15:07:53.150635 +0300] aIYWmZFQsYdrchqBlhFbXwAAAFI 170.39.218.51 35192 127.0.0.1 7081 --760c5501-B-- GET /application/.env HTTP/1.0 Host: webmail.first-builders.com X-Real-IP: 170.39.218.51 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --760c5501-F-- HTTP/1.1 404 Not Found Content-Length: 273 Connection: close Content-Type: text/html; charset=iso-8859-1 --760c5501-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.first-builders.com"] [uri "/application/.env"] [unique_id "aIYWmZFQsYdrchqBlhFbXwAAAFI"] Stopwatch: 1753618073144591 6152 (- - -) Stopwatch2: 1753618073144591 6152; combined=3866, p1=507, p2=3038, p3=211, p4=39, p5=71, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --760c5501-Z-- --35befc10-A-- [27/Jul/2025:15:10:21.660674 +0300] aIYXLRRgfRw0MwNhOFz4fgAAAAc 93.123.109.64 37054 127.0.0.1 7081 --35befc10-B-- GET /.git/config HTTP/1.0 Host: admin.own-dev.com X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --35befc10-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 19 May 2025 12:23:57 GMT ETag: "328-6357c34bf094a" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --35befc10-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "admin.own-dev.com"] [uri "/.git/config"] [unique_id "aIYXLRRgfRw0MwNhOFz4fgAAAAc"] Stopwatch: 1753618221655365 5434 (- - -) Stopwatch2: 1753618221655365 5434; combined=3080, p1=792, p2=2186, p3=0, p4=0, p5=101, sr=252, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --35befc10-Z-- --b0ab756d-A-- [27/Jul/2025:15:10:26.367699 +0300] aIYXMhRgfRw0MwNhOFz4lQAAABE 93.123.109.64 37856 127.0.0.1 7081 --b0ab756d-B-- GET /.git/config HTTP/1.0 Host: admin.own-dev.com X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.90 Safari/537.36 Vivaldi/1.4.589.11 Accept-Charset: utf-8 Accept-Encoding: gzip --b0ab756d-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 19 May 2025 12:23:57 GMT ETag: "328-6357c34bf094a" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --b0ab756d-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "admin.own-dev.com"] [uri "/.git/config"] [unique_id "aIYXMhRgfRw0MwNhOFz4lQAAABE"] Stopwatch: 1753618226363171 4638 (- - -) Stopwatch2: 1753618226363171 4638; combined=2660, p1=746, p2=1837, p3=0, p4=0, p5=77, sr=218, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b0ab756d-Z-- --e5737665-A-- [27/Jul/2025:15:18:43.868453 +0300] aIYZIxRgfRw0MwNhOFwE_AAAAA0 172.93.102.109 37764 127.0.0.1 7081 --e5737665-B-- GET /.git/config HTTP/1.0 Host: casa-eg.com X-Real-IP: 172.93.102.109 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozila/5.0 Referer: http://casa-eg.com/.git/config Accept-Encoding: gzip --e5737665-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 09 Oct 2022 09:06:36 GMT ETag: "328-5ea965c36c41b" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --e5737665-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "casa-eg.com"] [uri "/.git/config"] [unique_id "aIYZIxRgfRw0MwNhOFwE_AAAAA0"] Stopwatch: 1753618723863803 4768 (- - -) Stopwatch2: 1753618723863803 4768; combined=3078, p1=618, p2=2376, p3=0, p4=0, p5=83, sr=167, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e5737665-Z-- --cdd0eb26-A-- [27/Jul/2025:15:25:18.717084 +0300] aIYarpFQsYdrchqBlhFmgQAAAEU 65.181.111.149 51208 127.0.0.1 7081 --cdd0eb26-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 65.181.111.149 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-mode: navigate sec-fetch-site: same-origin sec-fetch-user: ?1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 accept-language: en-US,en;q=0.5 referer: http://riyadhchocolate.com/wp-login.php accept-encoding: gzip, deflate, br upgrade-insecure-requests: 1 sec-fetch-dest: document cookie: wordpress_test_cookie=WP%20Cookie%20check --cdd0eb26-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --cdd0eb26-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riyadhchocolate.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIYarpFQsYdrchqBlhFmgQAAAEU"] Stopwatch: 1753619118710614 6594 (- - -) Stopwatch2: 1753619118710614 6594; combined=3773, p1=868, p2=2820, p3=0, p4=0, p5=85, sr=175, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cdd0eb26-Z-- --6eaa4210-A-- [27/Jul/2025:15:27:13.979185 +0300] aIYbIRRgfRw0MwNhOFwQfwAAAAU 213.209.143.116 45528 127.0.0.1 7081 --6eaa4210-B-- GET /.env HTTP/1.0 Host: crm.verozone.md X-Real-IP: 213.209.143.116 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 accept-encoding: gzip --6eaa4210-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Cache-Control: no-cache, private Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --6eaa4210-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crm.verozone.md"] [uri "/.env"] [unique_id "aIYbIRRgfRw0MwNhOFwQfwAAAAU"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(/autoload.php) is not within the allowed path(s): (/var/www/vhosts/verozone.md/:/tmp/) in /var/www/vhosts/verozone.md/crm.verozone.md/vendor/vonage/nexmo-bridge/src/Autoloader.php on line 69' Apache-Handler: proxy:unix:/var/www/vhosts/system/crm.verozone.md/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753619233369412 609930 (- - -) Stopwatch2: 1753619233369412 609930; combined=6305, p1=2694, p2=3477, p3=0, p4=0, p5=133, sr=2306, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6eaa4210-Z-- --314ee00b-A-- [27/Jul/2025:15:29:46.415829 +0300] aIYbupFQsYdrchqBlhFpKQAAAFY 34.171.189.112 34604 127.0.0.1 7081 --314ee00b-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: first-builders.com X-Real-IP: 34.171.189.112 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --314ee00b-F-- HTTP/1.1 503 Service Unavailable X-Powered-By: PHP/8.3.23 Retry-After: 600 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=utf-8 --314ee00b-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||first-builders.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||first-builders.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "first-builders.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aIYbupFQsYdrchqBlhFpKQAAAFY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/first-builders.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753619386399758 16175 (- - -) Stopwatch2: 1753619386399758 16175; combined=3104, p1=682, p2=2294, p3=0, p4=0, p5=128, sr=252, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --314ee00b-Z--